CVE-2024-42292: kobject_uevent: Fix OOB access within zap_modalias_env()

Published Aug 17, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

kobjectuevent: Fix OOB access within zapmodaliasenv()

zapmodaliasenv() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.

Affected Software

16 affected componentsFixes available
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.22-16.12.25-1
debian/linux-6.1
6.1.129-1~deb11u1
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2
Linux Linux kernel>=4.15.1<4.19.320
Linux Linux kernel>=4.20<5.4.282
Linux Linux kernel>=5.5<5.10.224
Linux Linux kernel>=5.11<5.15.165
Linux Linux kernel>=5.16<6.1.103
Linux Linux kernel>=6.2<6.6.44
Linux Linux kernel>=6.7<6.10.3
Linux Linux kernel=4.15
Linux Linux kernel=4.15-rc6
Linux Linux kernel=4.15-rc7
Linux Linux kernel=4.15-rc8
Linux Linux kernel=4.15-rc9

Remediation

Patch Available

https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762

Patch Available

https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2

Patch Available

https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168

Patch Available

https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d

Patch Available

https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90

Patch Available

https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5

Patch Available

https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d

Patch Available

https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc

Event History

Aug 17, 2024
CVE Published
via MITRE·09:09 AM
Data Sourced
via MITRE·09:09 AM
Description
Data Sourced
via NVD·09:15 AM
Description
Data Sourced
via NVD·09:15 AM
RemedySeverityWeaknessAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·12:34 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-42292?

CVE-2024-42292 has a medium severity rating due to its out-of-bounds access vulnerability in the Linux kernel.

2

How do I fix CVE-2024-42292?

To fix CVE-2024-42292, upgrade your Linux kernel to version 5.10.226-1 or later, or to any of the specified versions above.

3

Which Linux versions are affected by CVE-2024-42292?

Affected Linux kernel versions include all versions up to 5.10.223-1 and specific versions of 6.1 and 6.12.

4

What are the consequences of not patching CVE-2024-42292?

Not patching CVE-2024-42292 may lead to potential system instability or unauthorized memory access.

5

Who is affected by CVE-2024-42292?

Users and administrators running vulnerable versions of the Linux kernel on their systems are at risk with CVE-2024-42292.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203