摘要:
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Add some bounds checking to firmware data
Smatch complains about "head->full_size - head->header_size" can
underflow. To some extent, we're always going to have to trust the
firmware a bit. However, it's easy enough to add a check for negatives,
and let's add a upper bounds check as well.
安全等级: Low
公告ID: KylinSec-SA-2024-2375
发布日期: 2024年5月27日
关联CVE: CVE-2024-26927
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Add some bounds checking to firmware data
Smatch complains about "head->full_size - head->header_size" can
underflow. To some extent, we're always going to have to trust the
firmware a bit. However, it's easy enough to add a check for negatives,
and let's add a upper bounds check as well.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-26927 | KY3.4-4A | kernel | Unaffected |
| CVE-2024-26927 | KY3.4-5 | kernel | Unaffected |
| CVE-2024-26927 | KY3.5.1 | kernel | Unaffected |
| CVE-2024-26927 | KY3.5.3 | kernel | Unaffected |
| CVE-2024-26927 | V6 | kernel | Unaffected |
