{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T22:19:13.739","vulnerabilities":[{"cve":{"id":"CVE-2024-42237","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-08-07T16:15:46.600","lastModified":"2025-11-03T22:17:48.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Validate payload length before processing block\n\nMove the payload length check in cs_dsp_load() and cs_dsp_coeff_load()\nto be done before the block is processed.\n\nThe check that the length of a block payload does not exceed the number\nof remaining bytes in the firwmware file buffer was being done near the\nend of the loop iteration. However, some code before that check used the\nlength field without validating it."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: firmware: cs_dsp: Validar la longitud de el payload antes de procesar el bloque. Mueva la verificación de la longitud de el payload en cs_dsp_load() y cs_dsp_coeff_load() para que se realice antes de que se procese el bloque. La verificación de que la longitud de el payload de un bloque no exceda el número de bytes restantes en el búfer del archivo de firmware se estaba realizando cerca del final de la iteración del bucle. Sin embargo, algún código anterior a esa verificación usaba el campo de longitud sin validarlo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-834"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.16","matchCriteriaId":"D692A2AE-8E9E-46AE-8670-7E1284317A25"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.1.100","matchCriteriaId":"DC17596B-BA9E-4298-B220-9D2BFBD7A860"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.41","matchCriteriaId":"96AC42B8-D66D-4AC5-B466-E9BA7910FA29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.9.10","matchCriteriaId":"AB2E8DEC-CFD5-4C2B-981D-E7E45A36C352"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/259955eca9b7acf1299b1ac077d8cfbe12df35d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a9cd924aec1288d675df721f244da4dd7e16cff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6598afa9320b6ab13041616950ca5f8f938c0cf1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71d9e313d8f7e18c543a9c80506fe6b1eb1fe0c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}