{"id":"CVE-2024-27401","summary":"firewire: nosy: ensure user_length is taken into account when fetching packet contents","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: nosy: ensure user_length is taken into account when fetching packet contents\n\nEnsure that packet_buffer_get respects the user_length provided. If\nthe length of the head packet exceeds the user_length, packet_buffer_get\nwill now return 0 to signify to the user that no data were read\nand a larger buffer size is required. Helps prevent user space overflows.","modified":"2026-07-08T07:19:31.825400788Z","published":"2024-05-13T10:29:53.862Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2008-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2135-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27401.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"},{"type":"WEB","url":"https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27401.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27401"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"286468210d83ce0ca1e37e346ed9f4457a161650"},{"fixed":"67f34f093c0f7bf33f5b4ae64d3d695a3b978285"},{"fixed":"7b8c7bd2296e95b38a6ff346242356a2e7190239"},{"fixed":"cca330c59c54207567a648357835f59df9a286bb"},{"fixed":"79f988d3ffc1aa778fc5181bdfab312e57956c6b"},{"fixed":"4ee0941da10e8fdcdb34756b877efd3282594c1f"},{"fixed":"1fe60ee709436550f8cfbab01295936b868d5baa"},{"fixed":"539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"},{"fixed":"38762a0763c10c24a4915feee722d7aa6e73eb98"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27401.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.36"},{"fixed":"4.19.314"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.276"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.217"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.91"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.31"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.8.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27401.json"}}],"schema_version":"1.7.5"}