CVE-2024-38541

of: module: add buffer overflow check in of_modalias()

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in of_modalias()

In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: of: módulo: agregar control de desbordamiento del búfer of_modalias() En of_modalias(), si el búfer es demasiado pequeño incluso para la primera llamada a snprintf(), el parámetro len se vuelve negativo y el parámetro str (si no es NULL inicialmente) apuntará más allá del final del búfer. Agregue la verificación de desbordamiento del búfer después de la primera llamada a snprintf() y corrija dicha verificación después de la llamada strlen() (teniendo en cuenta el carácter NUL de terminación).

*Credits: N/A

CVSS Scores

CISAv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/bc575064d688c8933a6ca51429bea9bc63628d3b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6	2024-06-12
https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e	2024-05-30
https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a	2024-05-30
https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252	2024-05-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 6.10"		en		Affected