CVE-2024-42237
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-42237 is a vulnerability affecting the Linux kernel. This issue lies in the cs_dsp component and stems from a lack of proper validation of payload lengths before processing blocks. The check ensuring the payload length does not exceed the remaining bytes in the firmware file buffer was previously located after some code that utilized the length field without validation. This sequence led to an unintended expansion of blocks, potentially causing memory exhaustion or other unforeseen consequences. The vulnerability has been addressed by moving the payload length check to a position preceding the block processing stage.
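The ordering described above, with the length check placed before any use of the length field, is shown in this added example. It is not the kernel's cs_dsp code: the block header layout, parse_blocks() and demo() are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical block header for illustration; not the real cs_dsp layout. */
struct blk_hdr {
    uint32_t type;
    uint32_t len;   /* payload length in bytes, taken from the file */
};

/* Walks the blocks in buf. Returns the number of blocks parsed, or -1 if a
 * header or payload would run past the end of the buffer. */
int parse_blocks(const uint8_t *buf, size_t size, size_t *payload_total)
{
    size_t pos = 0;
    int count = 0;

    *payload_total = 0;
    while (pos < size) {
        struct blk_hdr hdr;

        /* The header itself must fit in what remains. */
        if (size - pos < sizeof(hdr))
            return -1;
        memcpy(&hdr, buf + pos, sizeof(hdr));
        pos += sizeof(hdr);

        /* Validate the length before anything uses it. Compare against the
         * remaining bytes instead of computing pos + len, which could wrap. */
        if (hdr.len > size - pos)
            return -1;

        /* Only now is the length trusted for processing the payload. */
        *payload_total += hdr.len;
        pos += hdr.len;
        count++;
    }
    return count;
}

/* Constructed sample: two blocks with 4-byte and 2-byte payloads. `claimed`
 * overrides the second block's length field to model a malformed file. */
int demo(uint32_t claimed)
{
    uint8_t buf[2 * sizeof(struct blk_hdr) + 6] = {0};
    struct blk_hdr a = { 1, 4 }, b = { 2, claimed };
    size_t total;

    memcpy(buf, &a, sizeof(a));
    memcpy(buf + sizeof(a) + 4, &b, sizeof(b));
    return parse_blocks(buf, sizeof(buf), &total);
}
```

demo(2) parses both blocks; any claimed length larger than the two bytes actually remaining is rejected before the payload is touched.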