CVE-2024-53045
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/11/2024
Last modified:
27/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ASoC: dapm: fix bounds checker error in dapm_widget_list_create<br />
<br />
The widgets array in the snd_soc_dapm_widget_list has a __counted_by<br />
attribute attached to it, which points to the num_widgets variable. This<br />
attribute is used in bounds checking, and if it is not set before the<br />
array is filled, then the bounds sanitizer will issue a warning or a<br />
kernel panic if CONFIG_UBSAN_TRAP is set.<br />
<br />
This patch sets the size of the widgets list calculated with<br />
list_for_each as the initial value for num_widgets as it is used for<br />
allocating memory for the array. It is updated with the actual number of<br />
added elements after the array is filled.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page