CVE-2024-53061
Published: November 21, 2024Last modified: November 21, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.119-r0) |
| Stream | linux-lts | Fixed (6.6.62-r0) |
References
- https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
- https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
- https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
- https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
- https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
- https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
- https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
- https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef