vulnerability

Red Hat: CVE-2024-38541: kernel: of: module: add buffer overflow check in of_modalias() (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:N/I:N/A:C)	Jun 19, 2024	Nov 6, 2024	Mar 27, 2026

Severity

CVSS

(AV:L/AC:L/Au:M/C:N/I:N/A:C)

Published

Jun 19, 2024

Added

Nov 6, 2024

Modified

Mar 27, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

of: module: add buffer overflow check in of_modalias()

In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-120
EUVD-EUVD-2024-37404
NVD-CVE-2024-38541
REDHAT-RHSA-2024:10771
REDHAT-RHSA-2024:8856
REDHAT-RHSA-2024:8870
REDHAT-RHSA-2025:6966
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-37404

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report