CVE-2024-26927

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-120
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well.

Related Vulnerabilities

CVE-1999-0038

HIGH
CVSS:8.4(High)

Buffer overflow in xlock program allows local users to execute commands as root.

CWE-1201999

CVE-2017-18779

HIGH
CVSS:8.4(High)

Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR...

CWE-1202017

CVE-2019-4014

HIGH
CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019

CVE-2019-4015

HIGH
CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019

CVE-2019-4016

HIGH
CVSS:8.4(High)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary c...

CWE-1202019

CVE-2019-4523

HIGH
CVSS:8.4(High)

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the syst...

CWE-1202019