{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35878", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.110Z", "datePublished": "2024-05-19T08:34:35.622Z", "dateUpdated": "2024-11-12T16:44:31.927Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:24:19.604Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/of/module.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "e4a449368a2c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "544561dc56f7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a1aa5390cc91", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/of/module.c"], "versions": [{"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"}, {"url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898"}, {"url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987"}], "title": "of: module: prevent NULL pointer dereference in vsnprintf()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T15:36:29.071642Z", "id": "CVE-2024-35878", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T16:44:31.927Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.254Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.254Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-35878", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:36:29.071642Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.205Z"}}], "cna": {"title": "of: module: prevent NULL pointer dereference in vsnprintf()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "e4a449368a2c", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "544561dc56f7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a1aa5390cc91", "versionType": "git"}], "programFiles": ["drivers/of/module.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.6.26", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/of/module.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"}, {"url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898"}, {"url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:24:19.604Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35878", "state": "PUBLISHED", "dateUpdated": "2024-11-12T16:44:31.927Z", "dateReserved": "2024-05-17T13:50:33.110Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-19T08:34:35.622Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: m\u00f3dulo: evita la desreferencia del puntero NULL en vsnprintf() En of_modalias(), podemos pasar los par\u00e1metros str y len que provocar\u00edan un kernel ups en vsnprintf() ya que solo permite pasar un ptr NULL cuando la longitud tambi\u00e9n es 0. Adem\u00e1s, necesitamos filtrar los valores negativos del par\u00e1metro len ya que estos dar\u00e1n como resultado un b\u00fafer realmente enorme ya que snprintf() toma el par\u00e1metro size_t mientras que el nuestro es ssize_t... Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico Svace."}], "id": "CVE-2024-35878", "lastModified": "2024-11-21T09:21:06.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-19T09:15:09.090", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: of: module: prevent NULL pointer dereference in vsnprintf()", "id": "2281718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281718"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nof: module: prevent NULL pointer dereference in vsnprintf()\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.", "A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf(), which only allows passing a NULL ptr\nwhen the length is 0. This issue can result in a crash and damage to availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35878", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35878\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35878\nhttps://lore.kernel.org/linux-cve-announce/2024051943-CVE-2024-35878-5af8@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.26, kernel 6.8.5, kernel 6.9"}