{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41056", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.627Z", "datePublished": "2024-07-29T14:33:27.453Z", "dateUpdated": "2025-05-04T09:21:06.418Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:21:06.418Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7", "lessThan": "16d76857d6b5426f41b587d0bb925de3f25bfb21", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7", "lessThan": "392cff2f86a25a4286ff3151c7739143c61c1781", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7", "lessThan": "53a9f8cdbf35a682e9894e1a606f4640e5359185", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673c30abcbdb329e7d0aa2e83c103d7", "lessThan": "680e126ec0400f6daecf0510c5bb97a55779ff03", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.100"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.41"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.9.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"}, {"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"}, {"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"}, {"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"}], "title": "firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.164Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41056", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:25.022416Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:01.793Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:51.164Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41056", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:22:25.022416Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:20.258Z"}}], "cna": {"title": "firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f6bc909e7673", "lessThan": "16d76857d6b5", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "392cff2f86a2", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "53a9f8cdbf35", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "680e126ec040", "versionType": "git"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"}, {"url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"}, {"url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"}, {"url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T14:33:27.453Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41056", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:01.793Z", "dateReserved": "2024-07-12T12:17:45.627Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T14:33:27.453Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: cs_dsp: use strnlen() en los campos de nombre en archivos wmfw V1. Use strnlen() en lugar de strlen() en las matrices de cadenas de nombres de algoritmos y coeficientes en archivos wmfw V1. En los archivos wmfw V1, el nombre es una cadena terminada en NUL en una matriz de tama\u00f1o fijo. cs_dsp deber\u00eda proteger contra el desbordamiento de la matriz si falta el terminador NUL."}], "id": "CVE-2024-41056", "lastModified": "2024-11-21T09:32:09.250", "metrics": {}, "published": "2024-07-29T15:15:13.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:8157", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.88.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8158", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:10771", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.47.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files", "id": "2300430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300430"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing.", "A buffer overrun flaw exists in the Linux kernel when the strlen function is used on name fields in V1 wmfw files. This issue results in a loss of system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-41056", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41056\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41056\nhttps://lore.kernel.org/linux-cve-announce/2024072930-CVE-2024-41056-c324@gregkh/T"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software settings, while least functionality reduces the attack surface by disabling unauthorized services and ports. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code exploiting out-of-bounds write vulnerabilities, using mechanisms such as file integrity monitoring and patch management. Robust input validation and error handling ensure all user inputs are thoroughly validated, preventing instability, data exposure, or privilege escalation. \nFinally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against out-of-bounds write exploits.", "threat_severity": "Moderate"}

{}