CVE-2024-42237
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Validate payload length before processing block
Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed.
The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 < 259955eca9b7acf1299b1ac077d8cfbe12df35d8 | affected |
| Linux | Linux | f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 < 3a9cd924aec1288d675df721f244da4dd7e16cff | affected |
| Linux | Linux | f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 < 71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8 | affected |
| Linux | Linux | f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 < 6598afa9320b6ab13041616950ca5f8f938c0cf1 | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 6.1.100 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.41 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.10 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8
- https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff
- https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8
- https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.