In the Linux kernel, the following vulnerability has been resolved:
of: module: prevent NULL pointer dereference in vsnprintf()
In of_modalias(), we can be passed str and len parameter values that would cause a kernel oops in vsnprintf(), since it only allows passing a NULL pointer when the length is also 0. We also need to filter out negative values of the len parameter, as these would result in a really huge buffer: snprintf() takes a size_t parameter while ours is ssize_t...
Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.
[
    {
        "id": "CVE-2024-35878-32e7f7f1",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/of/module.c"
        },
        "digest": {
            "line_hashes": [
                "220993470896492776201381344581740815249",
                "218759772730606846924884374711283025488",
                "43344045917278489596283999290836121658"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1aa5390cc912934fee76ce80af5f940452fa987"
    },
    {
        "id": "CVE-2024-35878-a3b67b1d",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/of/module.c"
        },
        "digest": {
            "line_hashes": [
                "220993470896492776201381344581740815249",
                "218759772730606846924884374711283025488",
                "43344045917278489596283999290836121658"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544561dc56f7e69a053c25e11e6170f48bb97898"
    },
    {
        "id": "CVE-2024-35878-a809dd42",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/of/module.c",
            "function": "of_modalias"
        },
        "digest": {
            "function_hash": "79722615483041881603629778213368311301",
            "length": 611.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1aa5390cc912934fee76ce80af5f940452fa987"
    },
    {
        "id": "CVE-2024-35878-affc791c",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/of/module.c"
        },
        "digest": {
            "line_hashes": [
                "220993470896492776201381344581740815249",
                "218759772730606846924884374711283025488",
                "43344045917278489596283999290836121658"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"
    },
    {
        "id": "CVE-2024-35878-d3fa95de",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/of/module.c",
            "function": "of_modalias"
        },
        "digest": {
            "function_hash": "79722615483041881603629778213368311301",
            "length": 611.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@544561dc56f7e69a053c25e11e6170f48bb97898"
    },
    {
        "id": "CVE-2024-35878-f80c4531",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "drivers/of/module.c",
            "function": "of_modalias"
        },
        "digest": {
            "function_hash": "79722615483041881603629778213368311301",
            "length": 611.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"
    }
]