Lucene search
LinuxCVELIST:CVE-2024-38541HistoryJun 19, 2024 - 1:35 p.m.
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
2024-06-1913:35:16
Linux
www.cve.org
8
linux kernel
buffer overflow
of_modalias
cve-2024-38541
vulnerability
EPSS
0
Percentile
15.5%
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias()
In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer’s end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/of/module.c"
],
"versions": [
{
"version": "bc575064d688",
"lessThan": "0b0d5701a8bf",
"status": "affected",
"versionType": "git"
},
{
"version": "bc575064d688",
"lessThan": "ee332023adfd",
"status": "affected",
"versionType": "git"
},
{
"version": "bc575064d688",
"lessThan": "e45b69360a63",
"status": "affected",
"versionType": "git"
},
{
"version": "bc575064d688",
"lessThan": "cf7385cb26ac",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/of/module.c"
],
"versions": [
{
"version": "4.14",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.14",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.33",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.12",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.3",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]Related
osv
osv
CVE-2024-38541
2024-06-19 14:15:14
UBUNTU-CVE-2024-38541
2024-06-19 14:15:00
Security update for the Linux Kernel
2024-07-10 13:03:41
debiancve
debiancve
CVE-2024-38541
2024-06-19 14:15:14
nvd
nvd
CVE-2024-38541
2024-06-19 14:15:14
vulnrichment
vulnrichment
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
2024-06-19 13:35:16
redhatcve
redhatcve
CVE-2024-38541
2024-06-20 17:57:05
ubuntucve
ubuntucve
CVE-2024-38541
2024-06-19 00:00:00
cve
cve
CVE-2024-38541
2024-06-19 14:15:14
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2495-1)
2024-07-17 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2365-1)
2024-07-10 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2362-1)
2024-07-10 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:2362-1)
2024-07-12 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2418)
2024-09-12 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2369)
2024-09-12 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-08-13 00:00:00
Linux kernel vulnerabilities
2024-08-09 00:00:00
Linux kernel (OEM) vulnerabilities
2024-08-12 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-07-14 08:23:38