CVE-2024-38541
Description
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).
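The description is dense, so the arithmetic it refers to is worth seeing end to end. The block below is an added example, not the page's or the kernel's code: it re-implements the pre-fix and post-fix logic of of_modalias() in portable C over a constructed stand-in for struct device_node (a hypothetical node named uart0 with two compatible strings), replacing the kernel's %pOFn with a plain %s and its of_property_for_each_string() loop with a NULL-terminated array. Both variants return the total length the full modalias string needs, exactly as the kernel function does, and also report the len and str bookkeeping on exit so the difference is visible: with a buffer too small for the first snprintf(), the pre-fix code leaves len negative and str pointing csize bytes past the caller's buffer, while the patched code clamps csize to what was actually written. The second scenario shows the `>` versus `>=` check after strlen(): when a compatible string needs exactly len bytes, the old check lets snprintf() truncate it silently, the new one skips it because the terminating NUL does not fit.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/* Constructed stand-in for struct device_node: just the fields of_modalias() reads.
 * Hypothetical test data, not taken from the kernel or any real device tree. */
struct node {
    const char *name;        /* what the kernel prints with %pOFn */
    const char *type;        /* of_node_get_device_type(); "" when absent */
    const char *compat[4];   /* the "compatible" strings, NULL-terminated */
};

/* What each variant leaves behind, so callers (and tests) can inspect it. */
struct walk {
    ssize_t tsize;   /* the return value: chars the complete modalias needs */
    ssize_t len;     /* remaining space as the function tracks it on exit */
    ptrdiff_t off;   /* how far str was advanced from the start of the buffer */
};

/* The kernel's space -> underscore rewrite of the compat string just written. */
static void spaces_to_underscores(char *c)
{
    while (c) {
        c = strchr(c, ' ');
        if (c)
            *c++ = '_';
    }
}

/* Pre-fix arithmetic: no check after the first snprintf(), '>' after strlen(). */
static struct walk modalias_before(const struct node *np, char *str, ssize_t len)
{
    char *start = str;
    ssize_t csize, tsize;

    csize = snprintf(str, len, "of:N%sT%s", np->name, np->type);
    tsize = csize;
    len -= csize;   /* negative whenever the prefix alone did not fit */
    str += csize;   /* and str now points past the end of the caller's buffer */

    for (const char *const *cp = np->compat; *cp; cp++) {
        csize = strlen(*cp) + 1;   /* 'C' + compat; the NUL is not counted */
        tsize += csize;
        if (csize > len)           /* csize == len slips through and is truncated */
            continue;
        csize = snprintf(str, len, "C%s", *cp);
        spaces_to_underscores(str);
        len -= csize;
        str += csize;
    }
    return (struct walk){ tsize, len, start ? str - start : 0 };
}

/* Post-fix arithmetic: clamp after the first snprintf(), '>=' after strlen(). */
static struct walk modalias_after(const struct node *np, char *str, ssize_t len)
{
    char *start = str;
    ssize_t csize, tsize;

    csize = snprintf(str, len, "of:N%sT%s", np->name, np->type);
    tsize = csize;
    if (csize >= len)                    /* prefix was truncated (or len == 0) */
        csize = len > 0 ? len - 1 : 0;   /* advance only over what was written */
    len -= csize;                        /* stays >= 0 for any len >= 0 */
    str += csize;

    for (const char *const *cp = np->compat; *cp; cp++) {
        csize = strlen(*cp) + 1;
        tsize += csize;
        if (csize >= len)                /* 'C' + compat + NUL needs csize + 1 bytes */
            continue;
        csize = snprintf(str, len, "C%s", *cp);
        spaces_to_underscores(str);
        len -= csize;
        str += csize;
    }
    return (struct walk){ tsize, len, start ? str - start : 0 };
}

/* The tests carve a nominal buffer of `nominal` bytes out of a larger zeroed array
 * and use this to confirm nothing was written beyond it. */
static int bytes_past_end_untouched(const char *backing, size_t nominal, size_t total)
{
    for (size_t i = nominal; i < total; i++)
        if (backing[i])
            return 0;
    return 1;
}

int main(void)
{
    /* constructed node: "of:Nuart0Tserial" (16 chars) + "Cacme,uart-v2" + "Cns16550a" = 38 chars */
    const struct node n = { "uart0", "serial", { "acme,uart-v2", "ns16550a", NULL } };
    char buf[64] = { 0 };

    struct walk w = modalias_before(&n, buf, 8);
    printf("before, len=8:  tsize=%zd len=%zd off=%td buf=\"%s\"\n", w.tsize, w.len, w.off, buf);
    memset(buf, 0, sizeof buf);
    w = modalias_after(&n, buf, 8);
    printf("after,  len=8:  tsize=%zd len=%zd off=%td buf=\"%s\"\n", w.tsize, w.len, w.off, buf);
    memset(buf, 0, sizeof buf);
    w = modalias_before(&n, buf, 29);   /* exactly strlen(compat)+1 left after the prefix */
    printf("before, len=29: buf=\"%s\" (compat truncated)\n", buf);
    memset(buf, 0, sizeof buf);
    w = modalias_after(&n, buf, 29);
    printf("after,  len=29: buf=\"%s\" (oversized compat skipped)\n", buf);
    return 0;
}
```

Callers in the kernel size their buffer from the returned tsize, which both variants still compute over every compatible string even when nothing more fits; what the patch changes is only the bookkeeping for str and len, so that a later write can never be attempted from a pointer that already sits beyond the buffer, and so that a compatible string is only written when its NUL also fits.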
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-8870.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:8870
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-8856.html
Vendor advisory: alma — https://bugzilla.redhat.com/2317601
Vendor advisory: alma — https://bugzilla.redhat.com/2315178
Vendor advisory: alma — https://bugzilla.redhat.com/2311715
Vendor advisory: alma — https://bugzilla.redhat.com/2309853
Vendor advisory: alma — https://bugzilla.redhat.com/2309852
Vendor advisory: alma — https://bugzilla.redhat.com/2307892
Vendor advisory: alma — https://bugzilla.redhat.com/2307865
Vendor advisory: alma — https://bugzilla.redhat.com/2307862
Vendor advisory: alma — https://bugzilla.redhat.com/2300517
Vendor advisory: alma — https://bugzilla.redhat.com/2300508
Vendor advisory: alma — https://bugzilla.redhat.com/2300488
Vendor advisory: alma — https://bugzilla.redhat.com/2300487
Vendor advisory: alma — https://bugzilla.redhat.com/2300442
Vendor advisory: alma — https://bugzilla.redhat.com/2300412
Vendor advisory: alma — https://bugzilla.redhat.com/2298412
Vendor advisory: alma — https://bugzilla.redhat.com/2298109
Vendor advisory: alma — https://bugzilla.redhat.com/2297568
Vendor advisory: alma — https://bugzilla.redhat.com/2297567
Vendor advisory: alma — https://bugzilla.redhat.com/2297545
Vendor advisory: alma — https://bugzilla.redhat.com/2297508
Vendor advisory: alma — https://bugzilla.redhat.com/2297475
Vendor advisory: alma — https://bugzilla.redhat.com/2293459
Vendor advisory: alma — https://bugzilla.redhat.com/2293458
Vendor advisory: alma — https://bugzilla.redhat.com/2293402
Vendor advisory: alma — https://bugzilla.redhat.com/2293356
Vendor advisory: alma — https://bugzilla.redhat.com/2281817
Vendor advisory: alma — https://bugzilla.redhat.com/2281669
Vendor advisory: alma — https://bugzilla.redhat.com/2281284
Vendor advisory: alma — https://bugzilla.redhat.com/2278387
Vendor advisory: alma — https://bugzilla.redhat.com/2278350
Vendor advisory: alma — https://bugzilla.redhat.com/2278262
Vendor advisory: alma — https://bugzilla.redhat.com/2277168
Vendor advisory: alma — https://bugzilla.redhat.com/2275750
Vendor advisory: alma — https://bugzilla.redhat.com/2269183
Vendor advisory: alma — https://bugzilla.redhat.com/2266247
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:8856
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-38541
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-38541.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:8856
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:8870
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:6966
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 6.1.137-1 |
| debian | bullseye | fixed | 5.10.244-1 |
| debian | forky | fixed | 6.8.12-1 |
| debian | sid | fixed | 6.8.12-1 |
| debian | trixie | fixed | 6.8.12-1 |
References
- https://access.redhat.com/errata/RHSA-2025:6966
- https://errata.rockylinux.org/RLSA-2024:8870
- https://errata.rockylinux.org/RLSA-2024:8856
- https://www.suse.com/security/cve/CVE-2024-38541.html
- https://security-tracker.debian.org/tracker/CVE-2024-38541
- https://access.redhat.com/errata/RHSA-2024:8856
- https://bugzilla.redhat.com/2266247
- https://bugzilla.redhat.com/2269183
- https://bugzilla.redhat.com/2275750
- https://bugzilla.redhat.com/2277168
- https://bugzilla.redhat.com/2278262
- https://bugzilla.redhat.com/2278350
- https://bugzilla.redhat.com/2278387
- https://bugzilla.redhat.com/2281284
- https://bugzilla.redhat.com/2281669
- https://bugzilla.redhat.com/2281817
- https://bugzilla.redhat.com/2293356
- https://bugzilla.redhat.com/2293402
- https://bugzilla.redhat.com/2293458
- https://bugzilla.redhat.com/2293459
- https://bugzilla.redhat.com/2297475
- https://bugzilla.redhat.com/2297508
- https://bugzilla.redhat.com/2297545
- https://bugzilla.redhat.com/2297567
- https://bugzilla.redhat.com/2297568