PT-2024-7370 · Linux+10 · Linux Kernel+10

Published

2024-07-01

·

Updated

2025-09-29

·

CVE-2024-42238

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the cs dsp load() function in the Linux kernel, which is associated with a memory write beyond the allocated buffer. If a block header is longer than the amount of data left in the file, the previous code would loop while there was enough data left in the file for a valid region, protecting against overrunning the end of the file data, but it didn't abort the file processing with an error. The cs dsp power up() function now returns an error if a block header overflows the file.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-667

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47486
BDU:2024-08737
BDU:2024-08738
CESA-2024_7000
CESA-2024_7001
CVE-2024-42238
DLA-4008-1
INFSA-2024_7000
INFSA-2024_7001
INFSA-2024_9315
OESA-2024-2124
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:10771
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024:9315
RHSA-2024_7000
RHSA-2024_7001
RHSA-2024_9315
RLSA-2024:7001
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu