PT-2024-9804 · Linux+5 · Linux Kernel+5

Published

2024-04-04

·

Updated

2025-02-03

·

CVE-2024-38616

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a fortified-memset warning in the carl9170 tx release() function, which may cause memory corruption. The warning is triggered by a call to write overflow field, indicating a potential write beyond the size of a field. The problem is not fully addressed by using memset after() due to the complexity of the union and anonymous struct involved. Using two separate memset() calls on the two members resolves the warning.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-119

Related Identifiers

BDU:2024-11578
CVE-2024-38616
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-2076
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu