{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50007", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.060Z", "datePublished": "2024-10-21T18:54:00.611Z", "dateUpdated": "2024-11-08T15:57:50.424Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-08T15:57:50.424Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn't\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/pci/asihpi/hpimsgx.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "a6bdb691cf7b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ce2953e44829", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "219587bca267", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "36ee4021bcc3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "e658227d9d4f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7a5574099670", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "ad7248a5e925", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "876d04bf5a8a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "7b986c7430a6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/pci/asihpi/hpimsgx.c"], "versions": [{"version": "4.19.323", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522"}, {"url": "https://git.kernel.org/stable/c/ce2953e44829ec54bcbb57e9d890fc8af0900c80"}, {"url": "https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674"}, {"url": "https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f"}, {"url": "https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5"}, {"url": "https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747"}, {"url": "https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372"}, {"url": "https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d"}, {"url": "https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96"}], "title": "ALSA: asihpi: Fix potential OOB array access", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50007", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:29:11.400121Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:38:40.227Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50007", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:29:11.400121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:29:14.602Z"}}], "cna": {"title": "ALSA: asihpi: Fix potential OOB array access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "219587bca267", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "36ee4021bcc3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "e658227d9d4f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7a5574099670", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "ad7248a5e925", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "876d04bf5a8a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "7b986c7430a6", "versionType": "git"}], "programFiles": ["sound/pci/asihpi/hpimsgx.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/pci/asihpi/hpimsgx.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674"}, {"url": "https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f"}, {"url": "https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5"}, {"url": "https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747"}, {"url": "https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372"}, {"url": "https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d"}, {"url": "https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn't\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:53:22.193Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50007", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:53:22.193Z", "dateReserved": "2024-10-21T12:17:06.060Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:54:00.611Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F", "versionEndExcluding": "5.10.227", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: asihpi: Fix potential OOB array access\n\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn't\ntrust it blindly.\n\nThis patch adds a sanity check of the array index to fit in the array\nsize."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: asihpi: Se corrige el posible acceso a la matriz OOB. El controlador ASIHPI almacena algunos valores en la matriz est\u00e1tica tras una respuesta del controlador, y su \u00edndice depende del firmware. No deber\u00edamos confiar ciegamente en \u00e9l. Este parche agrega una comprobaci\u00f3n de la integridad del \u00edndice de la matriz para que se ajuste al tama\u00f1o de la matriz."}], "id": "CVE-2024-50007", "lastModified": "2024-11-08T16:15:40.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T19:15:04.300", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce2953e44829ec54bcbb57e9d890fc8af0900c80"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: asihpi: Fix potential OOB array access", "id": "2320564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320564"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: asihpi: Fix potential OOB array access\nASIHPI driver stores some values in the static array upon a response\nfrom the driver, and its index depends on the firmware. We shouldn't\ntrust it blindly.\nThis patch adds a sanity check of the array index to fit in the array\nsize."], "name": "CVE-2024-50007", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50007\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50007\nhttps://lore.kernel.org/linux-cve-announce/2024102109-CVE-2024-50007-0253@gregkh/T"], "threat_severity": "Moderate"}