CVE-2024-53061

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a	Patch
https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd	Patch
https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e	Patch
https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51	Patch
https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e	Patch
https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51	Patch
https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b	Patch
https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::

History

22 Nov 2024, 17:51

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a -~~	() https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a - Patch
References	~~() https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd -~~	() https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd - Patch
References	~~() https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e -~~	() https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e - Patch
References	~~() https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 -~~	() https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 - Patch
References	~~() https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e -~~	() https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e - Patch
References	~~() https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51 -~~	() https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51 - Patch
References	~~() https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b -~~	() https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b - Patch
References	~~() https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef -~~	() https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef - Patch
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux linux Kernel Linux
CWE		CWE-191
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: s5p-jpeg: evitar desbordamientos de búfer La lógica actual permite que word sea menor que 2. Si esto sucede, habrá desbordamientos de búfer, como lo informa smatch. Agregue verificaciones adicionales para evitarlo. Mientras esté aquí, elimine una asignación word = 0 sin usar.

19 Nov 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 18:15

Updated : 2025-02-18 16:15

NVD link : CVE-2024-53061

Mitre link : CVE-2024-53061

CVE.ORG link : CVE-2024-53061

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-191

Integer Underflow (Wrap or Wraparound)

7.8 /10