CVE-2024-42237

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42237
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42237.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42237
Downstream
Related
Published
2024-08-07T16:15:46Z
Modified
2025-08-09T19:01:29Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: cs_dsp: Validate payload length before processing block

Move the payload length check in csdspload() and csdspcoeff_load() to be done before the block is processed.

The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.

References

Affected packages