PT-2024-7367 · Linux+10 · Linux Kernel+10

Richard Fitzgerald

·

Published

2024-07-01

·

Updated

2025-09-29

·

CVE-2024-42237

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the validation of payload length in the cs dsp module of the Linux kernel. Specifically, the check for the length of a block payload was being done near the end of the loop iteration, but some code before that check used the length field without validating it. This could potentially allow an attacker to cause a denial of service. The functions cs dsp load() and cs dsp coeff load() are involved in this issue.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-834

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47498
AZL-47595
BDU:2024-08731
CESA-2024_7000
CESA-2024_7001
CVE-2024-42237
DLA-4008-1
INFSA-2024_7000
INFSA-2024_7001
INFSA-2024_9315
OESA-2024-2124
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:10771
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024:9315
RHSA-2024_7000
RHSA-2024_7001
RHSA-2024_9315
RLSA-2024:7001
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu