{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T12:13:49.325","vulnerabilities":[{"cve":{"id":"CVE-2024-41039","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-07-29T15:15:12.393","lastModified":"2025-11-03T22:17:26.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix overflow checking of wmfw header\n\nFix the checking that firmware file buffer is large enough for the\nwmfw header, to prevent overrunning the buffer.\n\nThe original code tested that the firmware data buffer contained\nenough bytes for the sums of the size of the structs\n\n\twmfw_header + wmfw_adsp1_sizes + wmfw_footer\n\nBut wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and\nHalo Core the equivalent struct is wmfw_adsp2_sizes, which is\n4 bytes longer. So the length check didn't guarantee that there\nare enough bytes in the firmware buffer for a header with\nwmfw_adsp2_sizes.\n\nThis patch splits the length check into three separate parts. Each\nof the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked\nseparately before they are used."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: firmware: cs_dsp: corrige la verificación de desbordamiento del encabezado wmfw. Se corrige la verificación de que el búfer del archivo de firmware sea lo suficientemente grande para el encabezado wmfw, para evitar que se sobrecargue el búfer. El código original probó que el búfer de datos del firmware contenía suficientes bytes para las sumas del tamaño de las estructuras wmfw_header + wmfw_adsp1_sizes + wmfw_footer. Pero wmfw_adsp1_sizes solo se usa en el firmware ADSP1. Para ADSP2 y Halo Core, la estructura equivalente es wmfw_adsp2_sizes, que es 4 bytes más larga. Por lo tanto, la verificación de longitud no garantiza que haya suficientes bytes en el búfer del firmware para un encabezado con wmfw_adsp2_sizes. Este parche divide el control de longitud en tres partes separadas. Cada uno de los wmfw_header, wmfw_adsp?_sizes y wmfw_footer se verifican por separado antes de usarse."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.100","matchCriteriaId":"100CDF74-4DB5-4FC6-A54B-BDBDB0C27137"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.41","matchCriteriaId":"96AC42B8-D66D-4AC5-B466-E9BA7910FA29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.10","matchCriteriaId":"AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*","matchCriteriaId":"2EBB4392-5FA6-4DA9-9772-8F9C750109FA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*","matchCriteriaId":"331C2F14-12C7-45D5-893D-8C52EE38EA10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*","matchCriteriaId":"3173713D-909A-4DD3-9DD4-1E171EB057EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*","matchCriteriaId":"79F18AFA-40F7-43F0-BA30-7BDB65F918B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*","matchCriteriaId":"BD973AA4-A789-49BD-8D57-B2846935D3C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*","matchCriteriaId":"8F3E9E0C-AC3E-4967-AF80-6483E8AB0078"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*","matchCriteriaId":"11AF4CB9-F697-4EA4-8903-8F9417EFDA8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}