An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case
References
Configurations
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case | |
References |
|
|
Information
Published : 2019-05-30 04:29
Updated : 2024-08-05 00:15
NVD link : CVE-2019-12454
Mitre link : CVE-2019-12454
CVE.ORG link : CVE-2019-12454
JSON object : View
Products Affected
linux
- linux_kernel
CWE