NewsSecurity Vulnerabilities

Linux kernel vulnerability (CVE-2024-57880)

CVE number = CVE-2024-57880

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array.

The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use.

However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator.

Further information – https://git.kernel.org/stable/c/b21a849764a4111b0bc14a5ffe987a0582419de2

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.