PT-2024-29219 · Linux+10 · Linux Kernel+10
Richard Fitzgerald
·
Published
2024-06-27
·
Updated
2025-09-29
·
CVE-2024-41038
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a buffer overrun when processing V2 algorithm headers in the Linux kernel's firmware, specifically in the cs dsp module. The wmfw V2 format introduces variable-length strings in the algorithm block header, making the overall header length variable and the position of most fields dependent on the length of the string fields. Each field must be checked to ensure it does not overflow the firmware data buffer. The vulnerability can be exploited to cause a denial of service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu