CVE-2024-41039

Severity CVSS v4.0: Pending analysis
Type: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date: 29/07/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: cs_dsp: Fix overflow checking of wmfw header

Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer.

The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs

wmfw_header + wmfw_adsp1_sizes + wmfw_footer

But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp2_sizes, which is 4 bytes longer. So the length check didn't guarantee that there are enough bytes in the firmware buffer for a header with wmfw_adsp2_sizes.

This patch splits the length check into three separate parts. Each of the wmfw_header, wmfw_adsp?_sizes and wmfw_footer are checked separately before they are used.
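The length check described above, modelled as an added example (not the kernel's cs_dsp code): a single ADSP1-sized test accepts a 36-byte ADSP2 file whose footer would extend past the end of the buffer, while the split check rejects it. Struct layouts, core-type values and function names are simplified assumptions; only the 4-byte size difference comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins with assumed layouts. From the advisory: the ADSP2
 * sizes struct is 4 bytes longer than the ADSP1 one. */
struct hdr { uint8_t magic[4]; uint32_t len; uint16_t rev; uint8_t core, ver; };
struct adsp1_sizes { uint32_t dm, pm, zm; };
struct adsp2_sizes { uint32_t xm, ym, pm, zm; };
struct footer { uint32_t ts_lo, ts_hi, checksum; };
enum { CORE_ADSP1 = 1, CORE_ADSP2 = 2 };    /* constructed values */

/* Model of the original check: one test, sized for ADSP1, for every core. */
int combined_check(size_t fw_len)
{
    return fw_len >= sizeof(struct hdr) + sizeof(struct adsp1_sizes) +
                     sizeof(struct footer);
}

/* Model of the split check: each part is tested against the bytes remaining
 * before it is used. Returns the offset just past the footer, or -1. */
long split_check(const uint8_t *fw, size_t fw_len)
{
    size_t pos = sizeof(struct hdr), sizes_len;

    if (fw_len < sizeof(struct hdr))
        return -1;
    uint8_t core = fw[offsetof(struct hdr, core)];  /* header is present */
    sizes_len = core == CORE_ADSP1 ? sizeof(struct adsp1_sizes) :
                core == CORE_ADSP2 ? sizeof(struct adsp2_sizes) : 0;
    if (sizes_len == 0 || fw_len - pos < sizes_len)
        return -1;                                  /* unknown core or short */
    pos += sizes_len;
    if (fw_len - pos < sizeof(struct footer))
        return -1;
    return (long)(pos + sizeof(struct footer));
}

/* Constructed sample: zeroed buffer that claims fw_len bytes (fw_len <= 64). */
long check_sample(uint8_t core, size_t fw_len)
{
    uint8_t fw[64] = {0};
    fw[offsetof(struct hdr, core)] = core;
    return split_check(fw, fw_len);
}

int main(void)
{
    printf("36-byte ADSP2 file: combined=%d split=%ld\n",
           combined_check(36), check_sample(CORE_ADSP2, 36));
    return 0;
}
```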

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.100 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.41 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.9.10 (excluding)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc7:*:*:*:*:*:*