CVE-2024-42292

Summary

In the Linux kernel, the following vulnerability has been resolved:

kobject_uevent: Fix OOB access within zap_modalias_env()

zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < 81a15d28f32af01493ae8c5457e0d55314a4167daffected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < b59a5e86a3934f1b6a5bd1368902dbc79bdecc90affected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < 648d5490460d38436640da0812bf7f6351c150d2affected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < c5ee8adc8d98a49703320d13878ba2b923b142f5affected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < 68d63ace80b76395e7935687ecdb86421adc2168affected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < 57fe01d3d04276875c7e3a6dc763517fc05b8762affected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < d4663536754defff75ff1eca0aaebc41da165a8daffected
LinuxLinux9b3fa47d4a76b1d606a396455f9bbeee083ef008 < dd6e9894b451e7c85cceb8e9dc5432679a70e7dcaffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux4.19.320 <= 4.19.*unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References