CVE - CVE-2024-42292

CVE-ID
CVE-2024-42292	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762 URL:https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762 MISC:https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2 URL:https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2 MISC:https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168 URL:https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168 MISC:https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d URL:https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d MISC:https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90 URL:https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90 MISC:https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5 URL:https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5 MISC:https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d URL:https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d MISC:https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc URL:https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc
Assigning CNA
kernel.org
Date Record Created
20240730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.