NewsSecurity Vulnerabilities

Linux kernel vulnerability (CVE-2024-57880)

CVE number = CVE-2024-57880

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array.

The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use.

However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator.

Further information – https://git.kernel.org/stable/c/b21a849764a4111b0bc14a5ffe987a0582419de2

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.