CVE-2024-41039: firmware: cs_dsp: Fix overflow checking of wmfw header
First published: Mon Jul 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp2_sizes, which is 4 bytes longer. So the length check didn't guarantee that there are enough bytes in the firmware buffer for a header with wmfw_adsp2_sizes. This patch splits the length check into three separate parts. Each of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked separately before they are used.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.1.100 | 6.1.100 |
| redhat/kernel | <6.6.41 | 6.6.41 |
| redhat/kernel | <6.9.10 | 6.9.10 |
| redhat/kernel | <6.10 | 6.10 |
| Linux Kernel | >=5.16<6.1.100 | |
| Linux Kernel | >=6.2<6.6.41 | |
| Linux Kernel | >=6.7<6.9.10 | |
| Linux Kernel | =6.10-rc1 | |
| Linux Kernel | =6.10-rc2 | |
| Linux Kernel | =6.10-rc3 | |
| Linux Kernel | =6.10-rc4 | |
| Linux Kernel | =6.10-rc5 | |
| Linux Kernel | =6.10-rc6 | |
| Linux Kernel | =6.10-rc7 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 6.12.22-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://launchpad.net/bugs/cve/CVE-2024-41039
- https://lore.kernel.org/linux-cve-announce/2024072924-CVE-2024-41039-b3bc@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2301552
- https://access.redhat.com/errata/RHSA-2024:7001
- https://access.redhat.com/errata/RHSA-2024:7000
- https://access.redhat.com/errata/RHSA-2024:9315
- https://access.redhat.com/errata/RHSA-2024:9498
- https://access.redhat.com/errata/RHSA-2024:9497
- https://bugzilla.redhat.com/show_bug.cgi?id=2300408
- https://git.kernel.org/stable/c/fd035f0810b33c2a8792effdb82bf35920221565
- https://git.kernel.org/stable/c/9c9877a96e033bf6c6470b3b4f06106d91ace11e
- https://git.kernel.org/stable/c/49a79f344d0a17c6a5eef53716cc76fcdbfca9ba
- https://git.kernel.org/stable/c/3019b86bce16fbb5bc1964f3544d0ce7d0137278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039
- https://nvd.nist.gov/vuln/detail/CVE-2024-41039
- https://security-tracker.debian.org/tracker/CVE-2024-41039
- https://ubuntu.com/security/CVE-2024-41039
- https://git.kernel.org/linus/3019b86bce16fbb5bc1964f3544d0ce7d0137278
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-41039?
The severity of CVE-2024-41039 is classified as medium due to potential buffer overflow risks.
How do I fix CVE-2024-41039?
To fix CVE-2024-41039, update your kernel to version 6.1.100, 6.6.41, 6.9.10, or 6.10 based on your operating system.
Which versions of the Linux kernel are affected by CVE-2024-41039?
CVE-2024-41039 affects Linux kernel versions from 5.16 up to 6.1.100, 6.2 to 6.6.41, 6.7 to 6.9.10, and specific 6.10 release candidates.
What types of systems are vulnerable to CVE-2024-41039?
Systems running affected versions of the Linux kernel, particularly those using the cs_dsp firmware, are vulnerable to CVE-2024-41039.
Is there a workaround for CVE-2024-41039?
There is no known workaround for CVE-2024-41039; updating the kernel is the recommended approach to mitigate the vulnerability.
- agent/title
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-41039
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/trending
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.10-rc1
- version/linux kernel/6.10-rc2
- version/linux kernel/6.10-rc3
- version/linux kernel/6.10-rc4
- version/linux kernel/6.10-rc5
- version/linux kernel/6.10-rc6
- version/linux kernel/6.10-rc7
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2