In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Add some bounds checking to firmware data
Smatch complains about "head->full_size - head->header_size" can
underflow. To some extent, we're always going to have to trust the
firmware a bit. However, it's easy enough to add a check for negatives,
and let's add a upper bounds check as well.
References
Configurations
No configuration.
History
03 Jul 2024, 01:50
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.4 |
CWE | CWE-120 |
28 Apr 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-28 12:15
Updated : 2024-07-03 01:50
NVD link : CVE-2024-26927
Mitre link : CVE-2024-26927
CVE.ORG link : CVE-2024-26927
JSON object : View
Products Affected
No product.
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')