Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-38616

Disclosure Date: June 19, 2024 •

CVE-2024-38616

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: carl9170: re-fix fortified-memset warning

The carl9170_tx_release() function sometimes triggers a fortified-memset
warning in my randconfig builds:

In file included from include/linux/string.h:254,

             from drivers/net/wireless/ath/carl9170/tx.c:40:

In function ‘fortify_memset_chk’,

inlined from 'carl9170_tx_release' at drivers/net/wireless/ath/carl9170/tx.c:283:2,
inlined from 'kref_put' at include/linux/kref.h:65:3,
inlined from 'carl9170_tx_put_skb' at drivers/net/wireless/ath/carl9170/tx.c:342:9:

include/linux/fortify-string.h:493:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]
493 | __write_overflow_field(p_size_field, size);

Kees previously tried to avoid this by using memset_after(), but it seems
this does not fully address the problem. I noticed that the memset_after()
here is done on a different part of the union (status) than the original
cast was from (rate_driver_data), which may confuse the compiler.

Unfortunately, the memset_after() trick does not work on driver_rates[]
because that is part of an anonymous struct, and I could not get
struct_group() to do this either. Using two separate memset() calls
on the two members does address the warning though.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-38616 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38616)

Miscellaneous

https://git.kernel.org/stable/c/13857683126e8a6492af73c74d702835f7a2175b

https://git.kernel.org/stable/c/87586467098281f04fa93e59fe3a516b954bddc4

https://git.kernel.org/stable/c/0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83

https://git.kernel.org/stable/c/042a39bb8e0812466327a5102606e88a5a4f8c02

https://git.kernel.org/stable/c/066afafc10c9476ee36c47c9062527a17e763901

Rapid7

Unknown

CVE-2024-38616

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-38616

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-38616

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-38616

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification