7.8

CVE-2024-53061

media: s5p-jpeg: prevent buffer overflows

In the Linux kernel, the following vulnerability has been resolved:

media: s5p-jpeg: prevent buffer overflows

The current logic allows word to be less than 2. If this happens,
there will be buffer overflows, as reported by smatch. Add extra
checks to prevent it.

While here, remove an unused word = 0 assignment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.4 < 4.19.324
LinuxLinux Kernel Version >= 4.20 < 5.4.286
LinuxLinux Kernel Version >= 5.5 < 5.10.230
LinuxLinux Kernel Version >= 5.11 < 5.15.172
LinuxLinux Kernel Version >= 5.16 < 6.1.117
LinuxLinux Kernel Version >= 6.2 < 6.6.61
LinuxLinux Kernel Version >= 6.7 < 6.11.8
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.219
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
Patch
https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
Patch
https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
Patch
https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
Patch
https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
Patch
https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
Patch
https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
Patch
https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html