CVE-2024-42237

UNKNOWN

Published 2024-08-07T15:14:26.221Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-42237. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: cs_dsp: Validate payload length before processing block

Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load()
to be done before the block is processed.

The check that the length of a block payload does not exceed the number
of remaining bytes in the firwmware file buffer was being done near the
end of the loop iteration. However, some code before that check used the
length field without validating it.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 f6bc909e7673c30abcbdb329e7d0aa2e83c103d7

Linux

Affected Versions:

5.16 0 6.1.100 6.6.41 6.9.10 6.10

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-wvp3-f576-fpv8

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-42237

WEB https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8

WEB https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff

WEB https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1

WEB https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8

Advisory provided by GitHub Security Advisory Database. Published: August 7, 2024, Modified: August 8, 2024

References

https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8

https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff

https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8

https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1

Published: 2024-08-07T15:14:26.221Z

Last Modified: 2025-05-04T09:24:48.143Z

Copied to clipboard!

CVE-2024-42237

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!