{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42237", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.253Z", "datePublished": "2024-08-07T15:14:26.221Z", "dateUpdated": "2024-09-11T17:34:32.028Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:26.221Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "f6bc909e7673", "lessThan": "259955eca9b7", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "3a9cd924aec1", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "71d9e313d8f7", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "6598afa9320b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8"}, {"url": "https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff"}, {"url": "https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8"}, {"url": "https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1"}], "title": "firmware: cs_dsp: Validate payload length before processing block", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42237", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:00.898679Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:32.028Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42237", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:00.898679Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.274Z"}}], "cna": {"title": "firmware: cs_dsp: Validate payload length before processing block", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f6bc909e7673", "lessThan": "259955eca9b7", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "3a9cd924aec1", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "71d9e313d8f7", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "6598afa9320b", "versionType": "git"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8"}, {"url": "https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff"}, {"url": "https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8"}, {"url": "https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:26.221Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42237", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:32.028Z", "dateReserved": "2024-07-30T07:40:12.253Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-07T15:14:26.221Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25", "versionEndExcluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC17596B-BA9E-4298-B220-9D2BFBD7A860", "versionEndExcluding": "6.1.100", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96AC42B8-D66D-4AC5-B466-E9BA7910FA29", "versionEndExcluding": "6.6.41", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: firmware: cs_dsp: Validar la longitud de el payload antes de procesar el bloque. Mueva la verificaci\u00f3n de la longitud de el payload en cs_dsp_load() y cs_dsp_coeff_load() para que se realice antes de que se procese el bloque. La verificaci\u00f3n de que la longitud de el payload de un bloque no exceda el n\u00famero de bytes restantes en el b\u00fafer del archivo de firmware se estaba realizando cerca del final de la iteraci\u00f3n del bucle. Sin embargo, alg\u00fan c\u00f3digo anterior a esa verificaci\u00f3n usaba el campo de longitud sin validarlo."}], "id": "CVE-2024-42237", "lastModified": "2024-08-08T14:54:24.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-07T16:15:46.600", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-834"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: firmware: cs_dsp: Validate payload length before processing block", "id": "2303505", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303505"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: cs_dsp: Validate payload length before processing block\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."], "name": "CVE-2024-42237", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42237\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42237\nhttps://lore.kernel.org/linux-cve-announce/2024080740-CVE-2024-42237-eba4@gregkh/T"], "threat_severity": "Low"}