Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-38541

High

9.8/10

Summary

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

Advisory Timeline

Published Jun 19, 2024

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-38541

Summary

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS