In the Linux kernel, the following vulnerability has been resolved:
firmware: cs_dsp: Validate payload length before processing block
Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() (the latter appears as cs_dsp_load_coeff in the signature targets below) to be done before the block is processed.
The check that the length of a block payload does not exceed the number of remaining bytes in the firmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.
{ "vanir_signatures": [ { "digest": { "length": 4164.0, "function_hash": "236988058183382572577128418668185193440" }, "target": { "function": "cs_dsp_load", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-0ca26575" }, { "digest": { "line_hashes": [ "112924978669611697792195985929803998205", "129251571219002973297387688503942447599", "27018313305096521106911349828828445730", "18272071448470878022745771214273113330", "128959546200425921222578010501387985412", "203924663516207860487447716104256644811", "137059446306794169748131071479348360332", "5711643707599785543246070310493256134", "229341165442525278692601888412139524752", "310079930809933231317806942573632577943", "333340660015270209950325892769738234300", "263780031084644279951085507941351215469", "93924670922706550806455827164804988505", "286159231497246950329087424318726865441", "73440091137661234506036972289213697408", "233629843179958800808884421825580911985", "184414510458601444472527521517083167961", "163026223360691682711606071122138468693", "213914161129064256400317426553843968639", "207055833391392591582786855319504954589", "66083973457905589396833290519621230071", "70591660077354736836007478388371324715", "172595269193900330683676470849706072399", "209461280476419973533755767305171701575", "30052350888523145960923504986458395599", "146521240569584964717567983144749295083", "76303765768164848592630425036310958577", "140635488418512074193127167905290082757", "298814098330115296851315365758397493233", "229793860265974067682380435307052897387", "197532150672706199903222801016363482020", "43591469749792165460894985648292290812", "285728420519638269988975286778714812243", "19471795412179442918623160958347561025", "264207365312565625918762297689523605649", "27667497358890278315814067829738312544" 
], "threshold": 0.9 }, "target": { "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6598afa9320b6ab13041616950ca5f8f938c0cf1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-3c06fcf3" }, { "digest": { "length": 4567.0, "function_hash": "323032206947426189613763368906871990407" }, "target": { "function": "cs_dsp_load_coeff", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a9cd924aec1288d675df721f244da4dd7e16cff", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-3d36c418" }, { "digest": { "line_hashes": [ "112924978669611697792195985929803998205", "129251571219002973297387688503942447599", "27018313305096521106911349828828445730", "18272071448470878022745771214273113330", "128959546200425921222578010501387985412", "203924663516207860487447716104256644811", "137059446306794169748131071479348360332", "5711643707599785543246070310493256134", "229341165442525278692601888412139524752", "310079930809933231317806942573632577943", "333340660015270209950325892769738234300", "263780031084644279951085507941351215469", "93924670922706550806455827164804988505", "286159231497246950329087424318726865441", "73440091137661234506036972289213697408", "233629843179958800808884421825580911985", "184414510458601444472527521517083167961", "163026223360691682711606071122138468693", "213914161129064256400317426553843968639", "207055833391392591582786855319504954589", "66083973457905589396833290519621230071", "70591660077354736836007478388371324715", "172595269193900330683676470849706072399", "209461280476419973533755767305171701575", "30052350888523145960923504986458395599", "146521240569584964717567983144749295083", "76303765768164848592630425036310958577", "140635488418512074193127167905290082757", "298814098330115296851315365758397493233", 
"229793860265974067682380435307052897387", "197532150672706199903222801016363482020", "43591469749792165460894985648292290812", "285728420519638269988975286778714812243", "19471795412179442918623160958347561025", "264207365312565625918762297689523605649", "27667497358890278315814067829738312544" ], "threshold": 0.9 }, "target": { "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a9cd924aec1288d675df721f244da4dd7e16cff", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-52b05ea3" }, { "digest": { "length": 4542.0, "function_hash": "241846534110743942844422180554636285887" }, "target": { "function": "cs_dsp_load_coeff", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@259955eca9b7acf1299b1ac077d8cfbe12df35d8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-75b219ef" }, { "digest": { "line_hashes": [ "112924978669611697792195985929803998205", "129251571219002973297387688503942447599", "27018313305096521106911349828828445730", "18272071448470878022745771214273113330", "128959546200425921222578010501387985412", "203924663516207860487447716104256644811", "137059446306794169748131071479348360332", "5711643707599785543246070310493256134", "229341165442525278692601888412139524752", "310079930809933231317806942573632577943", "333340660015270209950325892769738234300", "263780031084644279951085507941351215469", "93924670922706550806455827164804988505", "286159231497246950329087424318726865441", "73440091137661234506036972289213697408", "233629843179958800808884421825580911985", "184414510458601444472527521517083167961", "163026223360691682711606071122138468693", "213914161129064256400317426553843968639", "207055833391392591582786855319504954589", "66083973457905589396833290519621230071", "70591660077354736836007478388371324715", 
"172595269193900330683676470849706072399", "209461280476419973533755767305171701575", "30052350888523145960923504986458395599", "146521240569584964717567983144749295083", "76303765768164848592630425036310958577", "140635488418512074193127167905290082757", "298814098330115296851315365758397493233", "229793860265974067682380435307052897387", "197532150672706199903222801016363482020", "43591469749792165460894985648292290812", "285728420519638269988975286778714812243", "19471795412179442918623160958347561025", "264207365312565625918762297689523605649", "27667497358890278315814067829738312544" ], "threshold": 0.9 }, "target": { "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@259955eca9b7acf1299b1ac077d8cfbe12df35d8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-815fd296" }, { "digest": { "length": 4567.0, "function_hash": "323032206947426189613763368906871990407" }, "target": { "function": "cs_dsp_load_coeff", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6598afa9320b6ab13041616950ca5f8f938c0cf1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-81a3435a" }, { "digest": { "length": 4138.0, "function_hash": "179679548977138904941438180576241702487" }, "target": { "function": "cs_dsp_load", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@259955eca9b7acf1299b1ac077d8cfbe12df35d8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-920a3ab2" }, { "digest": { "length": 4567.0, "function_hash": "323032206947426189613763368906871990407" }, "target": { "function": "cs_dsp_load_coeff", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-a3c9cac3" }, { "digest": { "length": 4164.0, "function_hash": "236988058183382572577128418668185193440" }, "target": { "function": "cs_dsp_load", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a9cd924aec1288d675df721f244da4dd7e16cff", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-d835c042" }, { "digest": { "length": 4164.0, "function_hash": "236988058183382572577128418668185193440" }, "target": { "function": "cs_dsp_load", "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6598afa9320b6ab13041616950ca5f8f938c0cf1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-f2fb9ab6" }, { "digest": { "line_hashes": [ "112924978669611697792195985929803998205", "129251571219002973297387688503942447599", "27018313305096521106911349828828445730", "18272071448470878022745771214273113330", "128959546200425921222578010501387985412", "203924663516207860487447716104256644811", "137059446306794169748131071479348360332", "5711643707599785543246070310493256134", "229341165442525278692601888412139524752", "310079930809933231317806942573632577943", "333340660015270209950325892769738234300", "263780031084644279951085507941351215469", "93924670922706550806455827164804988505", "286159231497246950329087424318726865441", "73440091137661234506036972289213697408", "233629843179958800808884421825580911985", "184414510458601444472527521517083167961", "163026223360691682711606071122138468693", "213914161129064256400317426553843968639", "207055833391392591582786855319504954589", "66083973457905589396833290519621230071", "70591660077354736836007478388371324715", 
"172595269193900330683676470849706072399", "209461280476419973533755767305171701575", "30052350888523145960923504986458395599", "146521240569584964717567983144749295083", "76303765768164848592630425036310958577", "140635488418512074193127167905290082757", "298814098330115296851315365758397493233", "229793860265974067682380435307052897387", "197532150672706199903222801016363482020", "43591469749792165460894985648292290812", "285728420519638269988975286778714812243", "19471795412179442918623160958347561025", "264207365312565625918762297689523605649", "27667497358890278315814067829738312544" ], "threshold": 0.9 }, "target": { "file": "drivers/firmware/cirrus/cs_dsp.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-42237-f3b53702" } ] }