Buffer Overflow Vulnerability in Linux Kernel Affecting Intel ASoC Drivers
CVE-2024-57880
Summary
A buffer overflow vulnerability exists in the Intel ASoC drivers within the Linux kernel. The issue arises from improper handling of the DAIs array, which can lead to out-of-bounds access. Specifically, the code assumes there is always an available slot in the array when assessing usage, so when the array is full it attempts to access a memory location past the allocated array bounds. The fix expands the array to include a terminator, which prevents the access to invalid memory.
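The failure mode in the summary, modelled in user-space C as an added example (not the kernel's code and not part of the advisory). The names `struct dai_slot`, `MAX_DAIS`, `scan_stop_index` and the `initialised` in-use flag are assumptions for illustration; the backing store is deliberately one slot larger than the modelled array so the overrun can be observed without undefined behaviour.

```c
/* Constructed model of the pattern in the advisory; not the kernel's code.
 * All names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DAIS 4

struct dai_slot {
    bool initialised;   /* doubles as the "slot in use" marker */
    int  id;
};

/* One slot larger than MAX_DAIS so the model can watch the scan step past
 * the modelled array without actually reading unowned memory. */
static struct dai_slot backing[MAX_DAIS + 1];

/* Usage scan that trusts a free slot to exist: walk until one is not in use. */
static size_t scan_stop_index(const struct dai_slot *dais)
{
    size_t i = 0;
    while (dais[i].initialised)
        i++;
    return i;           /* index of the last slot the scan read */
}

/* Mark `used` slots in use, then report whether the scan read index >= capacity. */
static bool scan_overruns(size_t used, size_t capacity)
{
    if (used > MAX_DAIS)
        used = MAX_DAIS;
    memset(backing, 0, sizeof(backing));
    for (size_t i = 0; i < used; i++)
        backing[i].initialised = true;
    return scan_stop_index(backing) >= capacity;
}

/* Before the fix: the array holds exactly MAX_DAIS entries. */
static bool before_fix_overruns(size_t used) { return scan_overruns(used, MAX_DAIS); }
/* After the fix: one extra, never-populated entry acts as the terminator. */
static bool after_fix_overruns(size_t used)  { return scan_overruns(used, MAX_DAIS + 1); }

int main(void)
{
    printf("full array, no terminator slot: overrun=%d\n", before_fix_overruns(MAX_DAIS));
    printf("full array, terminator slot:    overrun=%d\n", after_fix_overruns(MAX_DAIS));
    return 0;
}
```

The overrun appears only when every slot is in use, which is why a partially filled array hides the defect in testing.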
Affected Version(s)
Linux 27fd36aefa0013bea1cf6948e2e825e9b8cff97a
Linux 27fd36aefa0013bea1cf6948e2e825e9b8cff97a < 255cc582e6e16191a20d54bcdbca6c91d3e90c5e
Linux 6.10