Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp: Validate the payload length before processing the block. The check for the payload length should be performed before the block is processed. The previous check, which ensured that the length of a block’s paylo...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Returns an error if the block header exceeds the size of the remaining data in the file. If the block header is longer than the amount of data left in the file, csdsppowerup will return an error. The previous cod...

UBUNTU-CVE-2025-38340

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - csdspmockbinaddnameorinfo, because the source string length was rounded up to the allocation size...

AZL-47486 CVE-2024-42238 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Return error if block header overflows file Return an error from csdsppowerup if a block header is longer than the amount of data left in the file. The previous code in csdspload and csdsploadcoeff would loop whi...

AZL-47498 CVE-2024-42237 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Validate payload length before processing block Move the payload length check in csdspload and csdspcoeffload to be done before the block is processed. The check that the length of a block payload does not exceed...

CVE-2024-42237

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Validate payload length before processing block Move the payload length check in csdspload and csdspcoeffload to be done before the block is processed. The check that the length of a block payload does not exceed...

CVE-2024-42237

CVE-2024-42237 - Linux kernel cs_dsp payload length validation Affects: Linux kernel firmware cs_dsp loading paths (cs_dsp_load and cs_dsp_coeff_load).Cause: The block payload length could be used before validating the length, potentially enabling out-of-bounds processing.Fix: Move and perform th...

CVE-2024-42237 firmware: cs_dsp: Validate payload length before processing block

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Validate payload length before processing block Move the payload length check in csdspload and csdspcoeffload to be done before the block is processed. The check that the length of a block payload does not exceed...

DEBIAN-CVE-2024-41056

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Use strnlen on name fields in V1 wmfw files Use strnlen instead of strlen on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size...

AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...