PT-2024-8929 · Linux · Linux Kernel

Sergey Shtylyov · Published 2024-05-08 · Updated 2026-05-26 · CVE-2024-38541

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a buffer overflow in the of_modalias() function. If the buffer is too small, the len parameter becomes negative, and the str parameter points beyond the buffer's end. This can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability is resolved by adding a buffer overflow check after the first snprintf() call and fixing the check after the strlen() call.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
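
The arithmetic behind the description, as an added userspace illustration (not the kernel source and not the upstream patch): snprintf() returns the length the output would have had, so advancing str and shrinking len by that value without a check yields the negative len and out-of-range str described above. The names struct cursor, advance_unchecked() and advance_checked(), the simplified format string "of:N%sT" and the node name "uart" are constructed for this example; the unchecked variant only computes the bad cursor and never writes through it.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model of the pattern (constructed; not kernel code).
 * Assumes len >= 0 on entry. */
struct cursor {
    ssize_t off;  /* how far str would be advanced into the buffer */
    ssize_t len;  /* space the next formatting step believes it has */
};

/* Unchecked: snprintf() returns the length the output WOULD have had, so on
 * truncation off lands past the buffer's end and len goes negative. */
static struct cursor advance_unchecked(char *str, ssize_t len, const char *name)
{
    ssize_t csize = snprintf(str, (size_t)len, "of:N%sT", name);
    struct cursor c = { csize, len - csize };
    return c;
}

/* Checked: on truncation, clamp to the bytes actually stored (len - 1, the
 * NUL excluded) before moving the cursor. */
static struct cursor advance_checked(char *str, ssize_t len, const char *name)
{
    ssize_t csize = snprintf(str, (size_t)len, "of:N%sT", name);
    if (csize >= len)
        csize = len > 0 ? len - 1 : 0;
    struct cursor c = { csize, len - csize };
    return c;
}

int main(void)
{
    char small[8];  /* too small for "of:NuartT" (9 chars + NUL) */
    struct cursor u = advance_unchecked(small, sizeof(small), "uart");
    struct cursor c = advance_checked(small, sizeof(small), "uart");

    printf("unchecked: off=%zd len=%zd\n", u.off, u.len);
    printf("checked:   off=%zd len=%zd buf=\"%s\"\n", c.off, c.len, small);
    return 0;
}
```

With the clamp in place, every later append sees a non-negative len and a str that still points inside the buffer.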

Exploit

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:8856
ALSA-2024:8870
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-10603
CESA-2024_8856
CESA-2024_8870
CVE-2024-38541
DLA-4193-1
DLA-4327-1
ECHO-4747-0F17-155F
INFSA-2024_8856
INFSA-2024_8870
INFSA-2025_6966
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1766
OESA-2024-1767
OESA-2024-1792
OESA-2024-1796
OPENSUSE-SU-2024_2362-1
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
RHSA-2024:10771
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024_8856
RHSA-2024_8870
RHSA-2025:6966
RHSA-2025_6966
RLSA-2024:8856
RLSA-2024:8870
SUSE-SU-2024:2362-1
SUSE-SU-2024:2365-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2384-1
SUSE-SU-2024:2385-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2495-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1
USN-7654-1
USN-7654-2
USN-7654-3
USN-7654-4
USN-7654-5
USN-7655-1
USN-7685-1
USN-7685-2
USN-7685-3
USN-7685-4
USN-7685-5
USN-7686-1
USN-7701-1
USN-7701-2
USN-7701-3
USN-7711-1
USN-7712-1
USN-7712-2
USN-7819-1
USN-7819-2
USN-7832-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu