CVE-2024-41039
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-41039
CVE Details
| Release Date: | 2024-07-29 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nfirmware: cs_dsp: Fix overflow checking of wmfw header\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\nwmfw_header + wmfw_adsp1_sizes + wmfw_footer\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn't guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used.
See more information about CVE-2024-41039 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.2 | CVSS Vector: | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H |
| Attack Vector: | Local network | Attack Complexity: | High |
| Privileges Required: | High | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | Low |
| Integrity Impact: | Low | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel) | ELSA-2024-7000 | 2024-09-24 |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
