CVE-2024-26927

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Add some bounds checking to firmware data

Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd2458baa799fff377660d86323dd20a3f4deecb4 < d133d67e7e724102d1e53009c4f88afaaf3e167caffected
LinuxLinuxd2458baa799fff377660d86323dd20a3f4deecb4 < ced7df8b3c5c4751244cad79011e86cf1f809153affected
LinuxLinuxd2458baa799fff377660d86323dd20a3f4deecb4 < 044e220667157fb9d59320341badec59cf45ba48affected
LinuxLinuxd2458baa799fff377660d86323dd20a3f4deecb4 < 9eeb8e1231f6450c574c1db979122e171a1813abaffected
LinuxLinuxd2458baa799fff377660d86323dd20a3f4deecb4 < 98f681b0f84cfc3a1d83287b77697679e0398306affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.83 <= 6.1.*unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References