CVE-2024-26927 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48
https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306
https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab
https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153
https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c
https://lore.kernel.org/linux-cve-announce/2024042844-CVE-2024-26927-3374@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26927
https://www.cve.org/CVERecord?id=CVE-2024-26927

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T11:27:56.756Z

Updated: 2024-08-02T00:21:05.489Z

Reserved: 2024-02-19T14:20:24.195Z

Link: CVE-2024-26927

Vulnrichment

Updated: 2024-04-30T16:49:36.688Z

NVD

Status : Awaiting Analysis

Published: 2024-04-28T12:15:21.063

Modified: 2024-07-03T01:50:01.863

Link: CVE-2024-26927

Redhat

Severity : Low

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2024-26927 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26927", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.195Z", "datePublished": "2024-04-28T11:27:56.756Z", "dateUpdated": "2024-08-02T00:21:05.489Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:25:09.745Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Add some bounds checking to firmware data\n\nSmatch complains about \"head->full_size - head->header_size\" can\nunderflow. To some extent, we're always going to have to trust the\nfirmware a bit. However, it's easy enough to add a check for negatives,\nand let's add a upper bounds check as well."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/sof/ipc3-loader.c"], "versions": [{"version": "d2458baa799f", "lessThan": "d133d67e7e72", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "ced7df8b3c5c", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "044e22066715", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "9eeb8e1231f6", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "98f681b0f84c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/sof/ipc3-loader.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c"}, {"url": "https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153"}, {"url": "https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48"}, {"url": "https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab"}, {"url": "https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306"}], "title": "ASoC: SOF: Add some bounds checking to firmware data", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26927", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-30T16:50:15.539031Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "d2458baa799f"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:48.482Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.489Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26927", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.195Z", "datePublished": "2024-04-28T11:27:56.756Z", "dateUpdated": "2024-06-04T17:48:48.482Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:25:09.745Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Add some bounds checking to firmware data\n\nSmatch complains about \"head->full_size - head->header_size\" can\nunderflow. To some extent, we're always going to have to trust the\nfirmware a bit. However, it's easy enough to add a check for negatives,\nand let's add a upper bounds check as well."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/sof/ipc3-loader.c"], "versions": [{"version": "d2458baa799f", "lessThan": "d133d67e7e72", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "ced7df8b3c5c", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "044e22066715", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "9eeb8e1231f6", "status": "affected", "versionType": "git"}, {"version": "d2458baa799f", "lessThan": "98f681b0f84c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/sof/ipc3-loader.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c"}, {"url": "https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153"}, {"url": "https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48"}, {"url": "https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab"}, {"url": "https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306"}], "title": "ASoC: SOF: Add some bounds checking to firmware data", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-26927", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-30T16:50:15.539031Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "d2458baa799f"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-30T16:49:36.688Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Add some bounds checking to firmware data\n\nSmatch complains about \"head->full_size - head->header_size\" can\nunderflow. To some extent, we're always going to have to trust the\nfirmware a bit. However, it's easy enough to add a check for negatives,\nand let's add a upper bounds check as well."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: SOF: agregue algunas comprobaciones de los l\u00edmites a los datos del firmware. Smatch se queja de que \"head->full_size - head->header_size\" puede desbordarse. Hasta cierto punto, siempre vamos a tener que confiar un poco en el firmware. Sin embargo, es bastante f\u00e1cil agregar una verificaci\u00f3n de negativos y agreguemos tambi\u00e9n una verificaci\u00f3n de los l\u00edmites superiores."}], "id": "CVE-2024-26927", "lastModified": "2024-07-03T01:50:01.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-28T12:15:21.063", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: ASoC: SOF: Add some bounds checking to firmware data", "id": "2277844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277844"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-191", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: SOF: Add some bounds checking to firmware data\nSmatch complains about \"head->full_size - head->header_size\" can\nunderflow. To some extent, we're always going to have to trust the\nfirmware a bit. However, it's easy enough to add a check for negatives,\nand let's add a upper bounds check as well.", "A flaw was found in the Linux kernel. The following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data."], "name": "CVE-2024-26927", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26927\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26927\nhttps://lore.kernel.org/linux-cve-announce/2024042844-CVE-2024-26927-3374@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.83, kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9-rc1, kernel 6.1.85, kernel 6.6.26, kernel 6.8.5, kernel 6.9-rc3"}