full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. "> full_size,-,head->header_size",can,underflow.,To,some extent,,we're,always,going,to,have,to,trust,the,firmware,a,bit. However,,it's,easy,enough,to,add,a,check,for,negatives,,and,let's,add a,upper,bounds,check,as,well. "> SecuritySpace - CVE-2024-26927
 
English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2024-26927
Description:In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2024-26927
https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48
https://git.kernel.org/stable/c/044e220667157fb9d59320341badec59cf45ba48
https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306
https://git.kernel.org/stable/c/98f681b0f84cfc3a1d83287b77697679e0398306
https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab
https://git.kernel.org/stable/c/9eeb8e1231f6450c574c1db979122e171a1813ab
https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153
https://git.kernel.org/stable/c/ced7df8b3c5c4751244cad79011e86cf1f809153
https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c
https://git.kernel.org/stable/c/d133d67e7e724102d1e53009c4f88afaaf3e167c



© 1998-2025 E-Soft Inc. All rights reserved.