7.1

CVE-2024-42292

kobject_uevent: Fix OOB access within zap_modalias_env()

In the Linux kernel, the following vulnerability has been resolved:

kobject_uevent: Fix OOB access within zap_modalias_env()

zap_modalias_env() wrongly calculates size of memory block to move, so
will cause OOB memory access issue if variable MODALIAS is not the last
one within its @env parameter, fixed by correcting size to memmove.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15.1 < 4.19.320
LinuxLinux Kernel Version >= 4.20 < 5.4.282
LinuxLinux Kernel Version >= 5.5 < 5.10.224
LinuxLinux Kernel Version >= 5.11 < 5.15.165
LinuxLinux Kernel Version >= 5.16 < 6.1.103
LinuxLinux Kernel Version >= 6.2 < 6.6.44
LinuxLinux Kernel Version >= 6.7 < 6.10.3
LinuxLinux Kernel Version4.15 Update-
LinuxLinux Kernel Version4.15 Updaterc6
LinuxLinux Kernel Version4.15 Updaterc7
LinuxLinux Kernel Version4.15 Updaterc8
LinuxLinux Kernel Version4.15 Updaterc9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.158
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762
Patch
https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2
Patch
https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168
Patch
https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d
Patch
https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90
Patch
https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5
Patch
https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d
Patch
https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html