CVE-2024-38541

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38541

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38541.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38541

Downstream

BELL-CVE-2024-38541

DEBIAN-CVE-2024-38541

DLA-4193-1

OESA-2024-1766

OESA-2024-1767

OESA-2024-1792

OESA-2024-1796

RHSA-2024:10771

RHSA-2024:8856

RHSA-2024:8870

RHSA-2025:6966

SUSE-SU-2024:2362-1

SUSE-SU-2024:2365-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2384-1

SUSE-SU-2024:2385-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2495-1

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

Related

Published

2024-06-19T14:15:14Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in of_modalias()

In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

References

Affected packages