Sergey Shtylyov

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a buffer overflow in the `of modalias()` function. If the buffer is too small, the `len` parameter becomes negative, and the `str` parameter points beyond the buffer's end. This can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is resolved by adding a buffer overflow check after the first `snprintf()` call and fixing the check after the `strlen()` call. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the `vsnprintf()` function within the Linux kernel. Specifically, in the `of modalias()` function, the `str` and `len` parameters can cause a kernel oops in `vsnprintf()` if a NULL pointer is passed without a length of 0. Additionally, negative values of the `len` parameter must be filtered out to prevent huge buffer allocations, as `snprintf()` takes a `size t` parameter while the kernel uses `ssize t`. This vulnerability was found by the Linux Verification Center using the Svace static analysis tool. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.