PT-2024-7518 · Linux+10 · Linux Kernel+10
Richard Fitzgerald
·
Published
2024-06-27
·
Updated
2025-09-29
·
CVE-2024-41039
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a buffer overflow vulnerability in the Linux kernel, specifically in the cs dsp function. The vulnerability occurs when the firmware file buffer is not large enough for the wmfw header, allowing an attacker to potentially impact the confidentiality, integrity, and availability of protected information. The original code did not properly check the length of the firmware data buffer, which could lead to overrunning the buffer. The patch splits the length check into three separate parts, checking the
wmfw header, wmfw adsp? sizes, and wmfw footer separately before they are used.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Heap Based Buffer Overflow
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu