{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42238", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.253Z", "datePublished": "2024-08-07T15:14:26.812Z", "dateUpdated": "2024-09-11T17:34:31.911Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:26.812Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn't\nabort the file processing with an error."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "f6bc909e7673", "lessThan": "b8be70566b33", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "90ab191b7d18", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "6eabd2338380", "status": "affected", "versionType": "git"}, {"version": "f6bc909e7673", "lessThan": "959fe01e85b7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.100", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.41", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.10", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b8be70566b33abbd0180105070b4c67cfef8c44f"}, {"url": "https://git.kernel.org/stable/c/90ab191b7d181057d71234e8632e06b5844ac38e"}, {"url": "https://git.kernel.org/stable/c/6eabd23383805725eff416c203688b7a390d4153"}, {"url": "https://git.kernel.org/stable/c/959fe01e85b7241e3ec305d657febbe82da16a02"}], "title": "firmware: cs_dsp: Return error if block header overflows file", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:13:57.707205Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:31.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:13:57.707205Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.259Z"}}], "cna": {"title": "firmware: cs_dsp: Return error if block header overflows file", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f6bc909e7673", "lessThan": "b8be70566b33", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "90ab191b7d18", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "6eabd2338380", "versionType": "git"}, {"status": "affected", "version": "f6bc909e7673", "lessThan": "959fe01e85b7", "versionType": "git"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.100", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.41", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.10", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/firmware/cirrus/cs_dsp.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b8be70566b33abbd0180105070b4c67cfef8c44f"}, {"url": "https://git.kernel.org/stable/c/90ab191b7d181057d71234e8632e06b5844ac38e"}, {"url": "https://git.kernel.org/stable/c/6eabd23383805725eff416c203688b7a390d4153"}, {"url": "https://git.kernel.org/stable/c/959fe01e85b7241e3ec305d657febbe82da16a02"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn't\nabort the file processing with an error."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-07T15:14:26.812Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42238", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:31.911Z", "dateReserved": "2024-07-30T07:40:12.253Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-07T15:14:26.812Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "100CDF74-4DB5-4FC6-A54B-BDBDB0C27137", "versionEndExcluding": "6.1.100", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96AC42B8-D66D-4AC5-B466-E9BA7910FA29", "versionEndExcluding": "6.6.41", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352", "versionEndExcluding": "6.9.10", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Return error if block header overflows file\n\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\n\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn't\nabort the file processing with an error."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: cs_dsp: Devuelve error si el encabezado del bloque desborda el archivo devuelve un error de cs_dsp_power_up() si el encabezado de un bloque es m\u00e1s largo que la cantidad de datos que quedan en el archivo. El c\u00f3digo anterior en cs_dsp_load() y cs_dsp_load_coeff() se repetir\u00eda mientras quedaran suficientes datos en el archivo para una regi\u00f3n v\u00e1lida. Esto proteg\u00eda contra la sobrecarga del final de los datos del archivo, pero no cancelaba el procesamiento del archivo con un error."}], "id": "CVE-2024-42238", "lastModified": "2024-08-08T14:54:45.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-07T16:15:46.667", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6eabd23383805725eff416c203688b7a390d4153"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/90ab191b7d181057d71234e8632e06b5844ac38e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/959fe01e85b7241e3ec305d657febbe82da16a02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8be70566b33abbd0180105070b4c67cfef8c44f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: firmware: cs_dsp: Return error if block header overflows file", "id": "2303506", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303506"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfirmware: cs_dsp: Return error if block header overflows file\nReturn an error from cs_dsp_power_up() if a block header is longer\nthan the amount of data left in the file.\nThe previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop\nwhile there was enough data left in the file for a valid region. This\nprotected against overrunning the end of the file data, but it didn't\nabort the file processing with an error.", "A denial of service vulnerability was found in the Linux kernel. No error was returned from the cs_dsp_power_up() function if a block header is longer than the amount of data left in the file."], "name": "CVE-2024-42238", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42238\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42238\nhttps://lore.kernel.org/linux-cve-announce/2024080740-CVE-2024-42238-a5fd@gregkh/T"], "threat_severity": "Moderate"}