CVE-2024-50007

EPSS 0.03%
Published 21.10.2024 19:15:04
Last modified 03.11.2025 23:16:39
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: asihpi: Fix potential OOB array access

ASIHPI driver stores some values in the static array upon a response
from the driver, and its index depends on the firmware.  We shouldn't
trust it blindly.

This patch adds a sanity check of the array index to fit in the array
size.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.227

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.168

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.113

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.55

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.14

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.092

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674

Patch

https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f

Patch

https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747

Patch

https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96

Patch

https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d

Patch

https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522

https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372