How severe is CVE-2024-41038?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-41038?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-41038

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-120

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, and the position of most fields varies depending on the length of the string fields. Each field must be checked to ensure that it does not overflow the firmware data buffer. As this ia bugfix patch, the fixes avoid making any significant change to the existing code. This makes it easier to review and less likely to introduce new bugs.

CVE-2008-3275

MEDIUM

CVSS:5.5(Medium)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) di...

CWE-1202008

CVE-2011-3353

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the abil...

CWE-1202011

CVE-2015-20109

MEDIUM

CVSS:5.5(Medium)

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrat...

CWE-1202015

CVE-2015-7890

MEDIUM

CVSS:5.5(Medium)

Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via ...

CWE-1202015

CVE-2016-10066

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CWE-1202016

CVE-2019-10882

MEDIUM

CVSS:5.5(Medium)

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this ser...

CWE-1202019

CVE-2024-41038

Vulnerability Description

Related Vulnerabilities

CVE-2008-3275

CVE-2011-3353

CVE-2015-20109

CVE-2015-7890

CVE-2016-10066

CVE-2019-10882