CVE-2024-50007

In the Linux kernel, the following vulnerability has been resolved:

ALSA: asihpi: Fix potential OOB array access

ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity check of the array index to fit in the array size.

Configurations

Configuration 1

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

08 Nov 2024, 16:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522 -
  • () https://git.kernel.org/stable/c/ce2953e44829ec54bcbb57e9d890fc8af0900c80 -

01 Nov 2024, 15:34

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS (removed) v2 : unknown, v3 : unknown; (added) v2 : unknown, v3 : 7.8
References () https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674 - () https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674 - Patch
References () https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f - () https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f - Patch
References () https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747 - () https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747 - Patch
References () https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96 - () https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96 - Patch
References () https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d - () https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d - Patch
References () https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372 - () https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372 - Patch
References () https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5 - () https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5 - Patch
CWE CWE-129
First Time Linux linux Kernel
Linux

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access. The ASIHPI driver stores some values in the static array after a response from the driver, and its index depends on the firmware. We should not trust it blindly. This patch adds a sanity check of the array index so that it fits within the array size.

21 Oct 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-21 19:15

Updated : 2024-11-08 16:15


NVD link : CVE-2024-50007

Mitre link : CVE-2024-50007

CVE.ORG link : CVE-2024-50007



Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index