CVE-2024-41039Classic Buffer Overflow in Linux

CWE-120Classic Buffer OverflowCWE-122Heap-based Buffer Overflow26 documents6 sources
Severity
7.8HIGHNVD
OSV9.9OSV5.5
EPSS
0.0%
top 97.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelZopefoundation Restrictedpython+2 more
Timeline
PublishedJul 29
Latest updateMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent st

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel5.166.1.100+3
Debianlinux/linux_kernel< 6.1.106-1+2
Ubuntulinux/linux_kernel< 6.8.0-48.48
CVEListV5linux/linuxf6bc909e7673c30abcbdb329e7d0aa2e83c103d7fd035f0810b33c2a8792effdb82bf35920221565+4
debiandebian/linux< linux 6.1.106-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

13
OSV
restrictedpython vulnerabilities2025-03-18
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities2024-11-19
OSV
linux-gke vulnerabilities2024-11-15
OSV
linux-raspi vulnerabilities2024-11-14

📋Vendor Advisories

12
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel (Low Latency) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-15
Ubuntu
Linux kernel vulnerabilities2024-11-14
Ubuntu
Linux kernel vulnerabilities2024-11-13