1. Home
  2. Vulnerabilities
  3. CVE-2024-38541

CVE-2024-38541

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 0.04 % (16th)
0.04% Progress
Advisories 17
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in of_modalias()

In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).

Weaknesses
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
kernel.org
Published Date
2024-06-19 14:15:14
(2 months ago)
Updated Date
2024-07-03 02:05:10
(2 months ago)