Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.16 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8Patch
- https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cffPatch
- https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1Patch
- https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8Patch
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
FAQ
What is CVE-2024-42237?
CVE-2024-42237 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_...
How severe is CVE-2024-42237?
CVE-2024-42237 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-42237?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.