CVE-2024-42097

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: emux: improve patch ioctl data validation

In load_data(), make the validation of and skipping over the main info block match that in load_guspatch().

In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 40d7def67841343c10f8642a41031fecbb248babaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 79d9a000f0220cdaba1682d2a23c0d0c61d620a3affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d23982ea9aa438f35a8c8a6305943e98a8db90f6affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7a18293fd8d8519c2f7a03753bc1583b18e3db69affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d0ff2443fcbb472206d45a5d2a90cc694065804eaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 87039b83fb7bfd7d0e0499aaa8e6c049906b4d14affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 89b32ccb12ae67e630c6453d778ec30a592a212faffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.317 <= 4.19.*unaffected
LinuxLinux5.4.279 <= 5.4.*unaffected
LinuxLinux5.10.221 <= 5.10.*unaffected
LinuxLinux5.15.162 <= 5.15.*unaffected
LinuxLinux6.1.97 <= 6.1.*unaffected
LinuxLinux6.6.37 <= 6.6.*unaffected
LinuxLinux6.9.8 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References