DEBIAN-CVE-2024-38541

DEBIAN-CVE-2024-38541 PUBLISHED CVSS 9.800000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux-6.1	*, 6.1.129-1, 0
Debian:13	linux	0, 0
Debian:12	linux	*, 6.1.38-1, 6.1.90-1
Debian:11	linux	5.10.70-1, 5.10.179-2, 0
Debian:14	linux	0, 0

Exploit Intelligence

7819-2.json (github-poc)

Timeline

Jun 19, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-38541 advisory

Open in Interactive Console →