Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds. A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well. A follow-up patch completely removes this useless offset.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.4.278 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089Patch
- https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567Patch
- https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785Patch
- https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021Patch
- https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91Patch
- https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078Patch
- https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328Patch
- https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089Patch
- https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567Patch
- https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785Patch
- https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021Patch
- https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91Patch
- https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078Patch
- https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328Patch
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
FAQ
What is CVE-2024-38635?
CVE-2024-38635 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 whic...
How severe is CVE-2024-38635?
CVE-2024-38635 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-38635?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.