CVE-2024-53061

media: s5p-jpeg: prevent buffer overflows

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: s5p-jpeg: prevent buffer overflows

The current logic allows word to be less than 2. If this happens,
there will be buffer overflows, as reported by smatch. Add extra
checks to prevent it.

While here, remove an unused word = 0 assignment.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-11-19 CVE Published
2024-11-19 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51	2024-11-17
https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b	2024-11-17
https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef	2024-11-17
https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e	2024-11-14
https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e	2024-11-14
https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd	2024-11-14
https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51	2024-11-14
https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a	2024-10-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.19.324 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.19.324"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.4.286 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.4.286"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.10.230 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.10.230"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.15.172 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.15.172"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 6.1.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 6.1.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 6.6.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 6.6.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 6.11.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 6.12"		en		Affected