CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.4<4.19.324 | |
| Linux Kernel | >=4.20<5.4.286 | |
| Linux Kernel | >=5.5<5.10.230 | |
| Linux Kernel | >=5.11<5.15.172 | |
| Linux Kernel | >=5.16<6.1.117 | |
| Linux Kernel | >=6.2<6.6.61 | |
| Linux Kernel | >=6.7<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
- https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
- https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef
- https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
- https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
- https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
- https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
- https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53061
- https://nvd.nist.gov/vuln/detail/CVE-2024-53061
- https://launchpad.net/bugs/cve/CVE-2024-53061
- https://security-tracker.debian.org/tracker/CVE-2024-53061
- https://ubuntu.com/security/CVE-2024-53061
- https://git.kernel.org/linus/14a22762c3daeac59a5a534e124acbb4d7a79b3a
Frequently Asked Questions
What is the severity of CVE-2024-53061?
CVE-2024-53061 is a critical vulnerability in the Linux kernel that leads to potential buffer overflows.
How do I fix CVE-2024-53061?
To fix CVE-2024-53061, update your Linux kernel to a version that includes the security patch released by the maintainers.
What versions of the Linux kernel are affected by CVE-2024-53061?
CVE-2024-53061 affects multiple kernel versions including 4.4 up to 6.12-rc6.
What are the consequences of exploiting CVE-2024-53061?
Exploiting CVE-2024-53061 could allow attackers to achieve arbitrary code execution through buffer overflow techniques.
Who reported CVE-2024-53061?
CVE-2024-53061 was reported by smatch, highlighting the vulnerability within the s5p-jpeg media component of the Linux kernel.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian