CVE-2024-38616
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38616
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38616.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38616
- Downstream
- Related
- Published
- 2024-06-19T13:56:16.086Z
- Modified
- 2025-11-20T05:20:21.075420Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
- Summary
- wifi: carl9170: re-fix fortified-memset warning
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: carl9170: re-fix fortified-memset warning
The carl9170txrelease() function sometimes triggers a fortified-memset warning in my randconfig builds:
In file included from include/linux/string.h:254, from drivers/net/wireless/ath/carl9170/tx.c:40: In function 'fortifymemsetchk', inlined from 'carl9170txrelease' at drivers/net/wireless/ath/carl9170/tx.c:283:2, inlined from 'krefput' at include/linux/kref.h:65:3, inlined from 'carl9170txputskb' at drivers/net/wireless/ath/carl9170/tx.c:342:9: include/linux/fortify-string.h:493:25: error: call to '_writeoverflowfield' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use structgroup()? [-Werror=attribute-warning] 493 | _writeoverflowfield(psize_field, size);
Kees previously tried to avoid this by using memsetafter(), but it seems this does not fully address the problem. I noticed that the memsetafter() here is done on a different part of the union (status) than the original cast was from (ratedriverdata), which may confuse the compiler.
Unfortunately, the memsetafter() trick does not work on driverrates[] because that is part of an anonymous struct, and I could not get struct_group() to do this either. Using two separate memset() calls on the two members does address the warning though.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/042a39bb8e0812466327a5102606e88a5a4f8c02
- https://git.kernel.org/stable/c/066afafc10c9476ee36c47c9062527a17e763901
- https://git.kernel.org/stable/c/0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83
- https://git.kernel.org/stable/c/13857683126e8a6492af73c74d702835f7a2175b
- https://git.kernel.org/stable/c/87586467098281f04fa93e59fe3a516b954bddc4
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb5f6a0e8063b7a84d6d44ef353846ccd7708d2eFixed13857683126e8a6492af73c74d702835f7a2175b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb5f6a0e8063b7a84d6d44ef353846ccd7708d2eFixed87586467098281f04fa93e59fe3a516b954bddc4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb5f6a0e8063b7a84d6d44ef353846ccd7708d2eFixed0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb5f6a0e8063b7a84d6d44ef353846ccd7708d2eFixed042a39bb8e0812466327a5102606e88a5a4f8c02
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb5f6a0e8063b7a84d6d44ef353846ccd7708d2eFixed066afafc10c9476ee36c47c9062527a17e763901
Affected versions
v5.*
v5.16
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.10
v6.8.11
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
Database specific
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c",
"function": "carl9170_tx_release"
},
"digest": {
"length": 988.0,
"function_hash": "29303071095815176447476132777019020239"
},
"id": "CVE-2024-38616-523477ca",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87586467098281f04fa93e59fe3a516b954bddc4",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c",
"function": "carl9170_tx_release"
},
"digest": {
"length": 988.0,
"function_hash": "29303071095815176447476132777019020239"
},
"id": "CVE-2024-38616-5874a9a8",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c",
"function": "carl9170_tx_release"
},
"digest": {
"length": 988.0,
"function_hash": "29303071095815176447476132777019020239"
},
"id": "CVE-2024-38616-62a11b89",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042a39bb8e0812466327a5102606e88a5a4f8c02",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"124628318421551258884298867421073978311",
"66370237567335848712982390456208166421",
"27036052421335726930994061846184718164",
"239832613858361081149133953984030964822"
]
},
"id": "CVE-2024-38616-6b36c2e5",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c38c9c460bb8ce8d6f6cf316e0d71a70983ec83",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"124628318421551258884298867421073978311",
"66370237567335848712982390456208166421",
"27036052421335726930994061846184718164",
"239832613858361081149133953984030964822"
]
},
"id": "CVE-2024-38616-84f9ed25",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87586467098281f04fa93e59fe3a516b954bddc4",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"124628318421551258884298867421073978311",
"66370237567335848712982390456208166421",
"27036052421335726930994061846184718164",
"239832613858361081149133953984030964822"
]
},
"id": "CVE-2024-38616-98c4d33a",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13857683126e8a6492af73c74d702835f7a2175b",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c",
"function": "carl9170_tx_release"
},
"digest": {
"length": 988.0,
"function_hash": "29303071095815176447476132777019020239"
},
"id": "CVE-2024-38616-9b50ab47",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@13857683126e8a6492af73c74d702835f7a2175b",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"124628318421551258884298867421073978311",
"66370237567335848712982390456208166421",
"27036052421335726930994061846184718164",
"239832613858361081149133953984030964822"
]
},
"id": "CVE-2024-38616-bb80e02b",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@066afafc10c9476ee36c47c9062527a17e763901",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"124628318421551258884298867421073978311",
"66370237567335848712982390456208166421",
"27036052421335726930994061846184718164",
"239832613858361081149133953984030964822"
]
},
"id": "CVE-2024-38616-dd10ac90",
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042a39bb8e0812466327a5102606e88a5a4f8c02",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "drivers/net/wireless/ath/carl9170/tx.c",
"function": "carl9170_tx_release"
},
"digest": {
"length": 988.0,
"function_hash": "29303071095815176447476132777019020239"
},
"id": "CVE-2024-38616-e4454a39",
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@066afafc10c9476ee36c47c9062527a17e763901",
"signature_version": "v1"
}
]