CVE-2024-42292

In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762	Patch
https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2	Patch
https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168	Patch
https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d	Patch
https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90	Patch
https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5	Patch
https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d	Patch
https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.15:-::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc6::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc7::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc8::::::
	cpe:2.3:o:linux:linux_kernel:4.15:rc9::::::

History

19 Sep 2025, 16:19

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762 -~~	() https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762 - Patch
References	~~() https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2 -~~	() https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2 - Patch
References	~~() https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168 -~~	() https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168 - Patch
References	~~() https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d -~~	() https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d - Patch
References	~~() https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90 -~~	() https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90 - Patch
References	~~() https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5 -~~	() https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5 - Patch
References	~~() https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d -~~	() https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d - Patch
References	~~() https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc -~~	() https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc - Patch
CPE		cpe:2.3:o:linux:linux_kernel:4.15:-:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc6:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc8:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc7:::::: cpe:2.3:o:linux:linux_kernel:4.15:rc9:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		CWE-125
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1

Information

Published : 2024-08-17 09:15

Updated : 2025-09-19 16:19

NVD link : CVE-2024-42292

Mitre link : CVE-2024-42292

CVE.ORG link : CVE-2024-42292

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

7.1 /10