PT-2024-29842 · Linux+9 · Linux Kernel+9
Zijun Hu · Published 2024-06-12 · Updated 2025-09-29 · CVE-2024-42292
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue is related to an out-of-bounds (OOB) memory access in the zap_modalias_env() function. This function wrongly calculates the size of the memory block to move, causing an OOB memory access issue if the MODALIAS variable is not the last one within its @env parameter. The problem is fixed by correcting the size calculation for memmove(). There is also a mention of an issue with the irqchip/imx-irqsteer component related to an out-of-bounds read error, which could lead to a denial of service.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.50 or later.
As a temporary workaround, consider restricting access to the vulnerable zap_modalias_env() function until a patch is available.
Avoid using the MODALIAS variable in the affected @env parameter until the issue is resolved.
Exploit
Fix
Out of bounds Read
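The size miscalculation from the Description, shown as an added user-space model (not the kernel's code and not part of this advisory). struct env_model and its helpers are hypothetical names, the sample variables are constructed, and the miscalculated size is assumed to be the used buffer length minus the removed variable's length.

```c
#include <string.h>
/* Hypothetical model: "KEY=value" strings, each NUL-terminated, packed in buf[]. */
struct env_model {
    char *envp[8];              /* start of each variable inside buf[] */
    int envp_idx;
    char buf[256];
    size_t buflen;              /* bytes of buf[] in use */
};

static void env_add(struct env_model *e, const char *kv)
{
    size_t n = strlen(kv) + 1;
    e->envp[e->envp_idx++] = memcpy(e->buf + e->buflen, kv, n);
    e->buflen += n;
}

/* Miscalculated size (assumed form): also counts the bytes before envp[i]. */
static size_t move_len_buggy(const struct env_model *e, int i)
{
    return e->buflen - (strlen(e->envp[i]) + 1);
}

/* Corrected size: only the block from envp[i + 1] to the end of used data. */
static size_t move_len_fixed(const struct env_model *e, int i)
{
    return e->buflen - (size_t)(e->envp[i + 1] - e->envp[0]);
}

/* Bytes a memmove() of move_len from envp[i + 1] would read past used data. */
static size_t overread(const struct env_model *e, int i, size_t move_len)
{
    size_t end = (size_t)(e->envp[i + 1] - e->buf) + move_len;
    return end > e->buflen ? end - e->buflen : 0;
}

/* Constructed sample: MODALIAS is at index 1, so it is not the last entry. */
static size_t demo_overread(int use_fix)
{
    struct env_model e = {0};
    env_add(&e, "ACTION=add");
    env_add(&e, "MODALIAS=platform:demo");
    env_add(&e, "SUBSYSTEM=platform");
    return overread(&e, 1, use_fix ? move_len_fixed(&e, 1) : move_len_buggy(&e, 1));
}

int main(void)
{
    return demo_overread(1) != 0;   /* exit status 0: corrected size is in bounds */
}
```

In this sample the over-read equals the number of bytes stored ahead of MODALIAS, which is exactly what the corrected size expression subtracts.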
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu