In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well.
History

Wed, 13 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-28T11:27:56.756Z

Updated: 2024-12-19T08:50:18.318Z

Reserved: 2024-02-19T14:20:24.195Z

Link: CVE-2024-26927

cve-icon Vulnrichment

Updated: 2024-08-02T00:21:05.489Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-28T12:15:21.063

Modified: 2024-11-21T09:03:24.137

Link: CVE-2024-26927

cve-icon Redhat

Severity : Low

Publid Date: 2024-04-28T00:00:00Z

Links: CVE-2024-26927 - Bugzilla