CVE-2024-42237

firmware: cs_dsp: Validate payload length before processing block

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load()
to be done before the block is processed. The check that the length of a block payload does not exceed the number
of remaining bytes in the firwmware file buffer was being done near the
end of the loop iteration. However, some code before that check used the
length field without validating it.

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-08-07 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8	2024-07-18
https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff	2024-07-18
https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8	2024-07-18
https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1	2024-07-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42237	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2303505	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.1.100 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.1.100"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.6.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.6.41"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.9.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.9.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.10"		en		Affected