CVE-2024-41056

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21	Patch
https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781	Patch
https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185	Patch
https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03	Patch
https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21	Patch
https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781	Patch
https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185	Patch
https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03	Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc7::::::

History

03 Nov 2025, 22:17

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html -

07 Oct 2025, 12:52

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::
References	~~() https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21 -~~	() https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21 - Patch
References	~~() https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781 -~~	() https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781 - Patch
References	~~() https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185 -~~	() https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185 - Patch
References	~~() https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03 -~~	() https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03 - Patch

Information

Published : 2024-07-29 15:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-41056

Mitre link : CVE-2024-41056

CVE.ORG link : CVE-2024-41056

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10