VDB

CISA-2024-42292

CISA-2024-42292 PUBLISHED

Reported by Linux · Published August 17, 2024

In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.

Affected Products

VendorProductVersions
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008, 9b3fa47d4a76b1d606a396455f9bbeee083ef008, 9b3fa47d4a76b1d606a396455f9bbeee083ef008
LinuxLinux4.15, 0, 4.19.320
LinuxLinux0, 9b3fa47d4a76b1d606a396455f9bbeee083ef008, 9b3fa47d4a76b1d606a396455f9bbeee083ef008
linuxlinux_kernel4.15, 4.15, 4.15

Timeline

  • Aug 17, 2024 CVE Published
  • Nov 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›