CVE-2024-41026

Summary

In the Linux kernel, the following vulnerability has been resolved:

mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length

No check is done on the size of the data to be transmiited. This causes a kernel panic when this size exceeds the sg_miter's length.

Limit the number of transmitted bytes to sgm->length.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxed01d210fd910f7fa7933638df14ffb8d4aac2a9 < c561c4ecce712f94b442db5960e281f13b28df2eaffected
LinuxLinuxed01d210fd910f7fa7933638df14ffb8d4aac2a9 < 16198eef11c1929374381d7f6271b4bf6aa44615affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.9.10 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References