CVE-2024-38541Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-121Stack-based Buffer Overflow57 documents7 sources
Severity
9.8CRITICALNVD
OSV8.8OSV7.8OSV6.5
EPSS
0.1%
top 70.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedJun 19
Latest updateOct 21

Description

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel4.145.4.294+6
Debianlinux/linux_kernel< 5.10.244-1+3
Ubuntulinux/linux_kernel< 5.15.0-144.157+3
CVEListV5linux/linuxbc575064d688c8933a6ca51429bea9bc63628d3b46795440ef2b4ac919d09310a69a404c5bc90a88+8
debiandebian/linux< linux 6.1.137-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

28
OSV
linux-azure-fips vulnerabilities2025-10-21
OSV
linux-oracle-5.4 vulnerabilities2025-10-21
OSV
linux-azure, linux-azure-5.4 vulnerabilities2025-10-13
OSV
linux-azure-5.15 vulnerabilities2025-09-02
OSV
linux-azure-fips vulnerabilities2025-08-22

📋Vendor Advisories

28
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-10-21
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-10-21
Ubuntu
Linux kernel (Azure) vulnerabilities2025-10-13
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-02
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2025-08-22