nvd-json-data-feeds/CVE-2024/CVE-2024-410xx/CVE-2024-41056.json

{
  "id": "CVE-2024-41056",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-07-29T15:15:13.703",
  "lastModified": "2024-07-29T16:21:52.517",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files\n\nUse strnlen() instead of strlen() on the algorithm and coefficient name\nstring arrays in V1 wmfw files.\n\nIn V1 wmfw files the name is a NUL-terminated string in a fixed-size\narray. cs_dsp should protect against overrunning the array if the NUL\nterminator is missing."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: cs_dsp: use strnlen() en los campos de nombre en archivos wmfw V1. Use strnlen() en lugar de strlen() en las matrices de cadenas de nombres de algoritmos y coeficientes en archivos wmfw V1. En los archivos wmfw V1, el nombre es una cadena terminada en NUL en una matriz de tama\u00f1o fijo. cs_dsp deber\u00eda proteger contra el desbordamiento de la matriz si falta el terminador NUL."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/16d76857d6b5426f41b587d0bb925de3f25bfb21",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/392cff2f86a25a4286ff3151c7739143c61c1781",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/53a9f8cdbf35a682e9894e1a606f4640e5359185",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/680e126ec0400f6daecf0510c5bb97a55779ff03",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}