CVE-2024-26927

ASoC: SOF: Add some bounds checking to firmware data

Severity Score

8.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Add some bounds checking to firmware data

Smatch complains about "head->full_size - head->header_size" can
underflow. To some extent, we're always going to have to trust the
firmware a bit. However, it's easy enough to add a check for negatives,
and let's add a upper bounds check as well.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: agregue algunas comprobaciones de los límites a los datos del firmware. Smatch se queja de que "head->full_size - head->header_size" puede desbordarse. Hasta cierto punto, siempre vamos a tener que confiar un poco en el firmware. Sin embargo, es bastante fácil agregar una verificación de negativos y agreguemos también una verificación de los límites superiores.

*Credits: N/A

CVSS Scores

CISAv3.1 8.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-28 CVE Published
2024-04-29 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/d2458baa799fff377660d86323dd20a3f4deecb4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c	2024-03-26
https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153	2024-03-26
https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48	2024-03-26
https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab	2024-03-26
https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306	2024-02-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.9"		en		Affected