The vulnerability of the loginauth function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK CP450 router’s microprogramming system, which allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the loginauth function in the /cgi-bin/cstecgi.cgi script of the TOTOLINK CP450 router’s microprogramming system is related to the issue of data being written outside the buffer in memory when processing the httphost parameter. Exploiting this vulnerability allows a malicious...

The vulnerability of the kdb_read() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kdbread function in the kernel/debug/kdb/kdbio.c file of the Linux operating system is related to memory writing beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...

SUSE CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

SUSE CVE-2024-41056

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Use strnlen on name fields in V1 wmfw files Use strnlen instead of strlen on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size...

PT-2024-17901 · Ashlar Vellum · Ashlar-Vellum Cobalt

Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability, as t...

The vulnerability of the DXE microprogramming software driver in Dell Edge Gateway BIOS allows a intruder to gain unauthorized access to protected information.

The vulnerability of the DXE microprogramming software driver for Dell Edge Gateway BIOS is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

The vulnerability in the LabVIEW programming environment, related to the execution of operations beyond the buffer boundaries in memory, allows an intruder to gain unauthorized access to protected information or execute arbitrary code.

The vulnerability in the LabVIEW programming environment relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information or execute arbitrary code using a specially created...

The vulnerability of the Microprogramming Software of Supermicro BMC controllers, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Microprogrammed Software of Supermicro controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the Microprogramming Software of Supermicro BMC controllers, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Microprogrammed Software of Supermicro controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the DSP microprogramming system in Qualcomm’s embedded chips allows a hacker to execute arbitrary code.

The vulnerability of the DSP microprogramming system in Qualcomm’s embedded chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...

DEBIAN-CVE-2024-41039

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer...

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

UBUNTU-CVE-2024-41039

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer...

UBUNTU-CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038 firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...

CVE-2024-41038

CVE-2024-41038 affects the Linux kernel firmware for cs_dsp. The vulnerability is a buffer overrun risk when processing V2 algorithm headers due to the wmfw V2 format introducing variable-length strings in the header; the header length and field positions vary with string lengths. The issue is mi...