CVE-2024-53061

Nov. 22, 2024, 5:51 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *, 6.12

Weaknesses

CWE-191
Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.12 rc1 / / / / / /
o linux linux_kernel 6.12 rc2 / / / / / /
o linux linux_kernel 6.12 rc3 / / / / / /
o linux linux_kernel 6.12 rc4 / / / / / /
o linux linux_kernel 6.12 rc5 / / / / / /
o linux linux_kernel 6.12 rc6 / / / / / /

References

https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-191
2024-11-19
CVE-2024-53061

CVSS Score

7.8 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Nov. 19, 2024, 6:15 p.m.
  • Last Modified: Nov. 22, 2024, 5:51 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.