CVE-2024-42237

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-42237

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42237.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-42237

Downstream

BELL-CVE-2024-42237

DEBIAN-CVE-2024-42237

DLA-4008-1

OESA-2024-2124

RHSA-2024:10771

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:9315

RLSA-2024:7000

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

UBUNTU-CVE-2024-42237

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-08-07T16:15:46Z

Modified

2025-08-09T19:01:29Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: cs_dsp: Validate payload length before processing block

Move the payload length check in csdspload() and csdspcoeff_load() to be done before the block is processed.

The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.

References

Affected packages