CVE-2024-38541: of: module: add buffer overflow check in of_modalias()

Published Jun 19, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in ofmodalias()

In ofmodalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

Other sources

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in ofmodalias()

The Linux kernel CVE team has assigned CVE-2024-38541 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38541-53d0@gregkh/T

Red Hat

Affected Software

15 affected componentsFixes available
debian/linux<=5.10.223-1, <=5.10.234-1, <=6.1.129-1, <=6.1.135-1
6.12.25-16.12.27-1
Linux Linux kernel>=4.14<6.6.33
Linux Linux kernel>=6.7<6.8.12
Linux Linux kernel>=6.9<6.9.3
redhat/kernel<6.6.33
6.6.33
redhat/kernel<6.8.12
6.8.12
redhat/kernel<6.9.3
6.9.3
redhat/kernel<6.10
6.10
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2
Linux Linux kernel>=4.14<5.4.294
Linux Linux kernel>=5.5<5.10.238
Linux Linux kernel>=5.11<5.15.182
Linux Linux kernel>=5.16<6.1.136
Linux Linux kernel>=6.2<6.6.33

Remediation

Patch Available

https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6

Patch Available

https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252

Patch Available

https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a

Patch Available

https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e

Patch Available

https://git.kernel.org/stable/c/46795440ef2b4ac919d09310a69a404c5bc90a88

Patch Available

https://git.kernel.org/stable/c/5d59fd637a8af42b211a92b2edb2474325b4d488

Patch Available

https://git.kernel.org/stable/c/733e62786bdf1b2b9dbb09ba2246313306503414

Patch Available

https://git.kernel.org/stable/c/c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8

Event History

Jun 19, 2024
CVE Published
via MITRE·01:35 PM
Data Sourced
via MITRE·01:35 PM
Description
Data Sourced
via NVD·02:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Aug 8, 2024
Data Sourced
via Launchpad·11:29 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:29 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-38541?

CVE-2024-38541 is classified as a medium severity vulnerability due to potential buffer overflow issues in the Linux kernel.

2

How do I fix CVE-2024-38541?

To fix CVE-2024-38541, update the Linux kernel to version 6.6.33 or later for Red Hat and 5.10.223-1 or 6.1.128-1 for Debian.

3

Which systems are affected by CVE-2024-38541?

CVE-2024-38541 affects various versions of the Linux kernel primarily on Red Hat and Debian distributions.

4

What causes the CVE-2024-38541 vulnerability?

CVE-2024-38541 is caused by a lack of proper buffer overflow checks in the of_modalias() function within the Linux kernel.

5

Are there any workarounds for CVE-2024-38541?

Currently, the recommended approach is to apply the necessary kernel updates as there are no known effective workarounds for CVE-2024-38541.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203