CVE-2024-41039
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-41039
CVE Details
| Release Date: | 2024-07-29 | |
| Impact: | Moderate | What is this? |
Description
In the Linux kernel, the following vulnerability has been resolved:\nfirmware: cs_dsp: Fix overflow checking of wmfw header\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\nwmfw_header + wmfw_adsp1_sizes + wmfw_footer\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn't guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used.
See more information about CVE-2024-41039 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.2 |
| Vector String: | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | High |
| Privileges Required: | High |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | Low |
| Integrity Impact: | Low |
| Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel) | ELSA-2024-7000 | 2024-09-24 |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
