FKIE_CVE-2024-38635

Vulnerability from fkie_nvd - Published: 2024-06-21 11:15 - Updated: 2025-09-17 17:00
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds. A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well. A follow-up patch completely removes this useless offset.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B755DA3-6492-4165-BE2F-55FB23D6D019",
              "versionEndExcluding": "5.4.278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9",
              "versionEndExcluding": "5.10.219",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2",
              "versionEndExcluding": "5.15.161",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667",
              "versionEndExcluding": "6.1.93",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E",
              "versionEndExcluding": "6.6.33",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627",
              "versionEndExcluding": "6.9.4",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: cadence: fix invalid PDI offset\n\nFor some reason, we add an offset to the PDI, presumably to skip the\nPDI0 and PDI1 which are reserved for BPT.\n\nThis code is however completely wrong and leads to an out-of-bounds\naccess. We were just lucky so far since we used only a couple of PDIs\nand remained within the PDI array bounds.\n\nA Fixes: tag is not provided since there are no known platforms where\nthe out-of-bounds would be accessed, and the initial code had problems\nas well.\n\nA follow-up patch completely removes this useless offset."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: soundwire: cadencia: corrige el desplazamiento de PDI no v\u00e1lido. Por alguna raz\u00f3n, agregamos un desplazamiento al PDI, presumiblemente para omitir el PDI0 y el PDI1 que est\u00e1n reservados para BPT. Sin embargo, este c\u00f3digo es completamente err\u00f3neo y conduce a un acceso fuera de los l\u00edmites. Hasta ahora tuvimos suerte ya que solo usamos un par de PDI y nos mantuvimos dentro de los l\u00edmites de la matriz de PDI. No se proporciona una etiqueta de Correcciones: ya que no hay plataformas conocidas donde se pueda acceder a los l\u00edmites, y el c\u00f3digo inicial tambi\u00e9n ten\u00eda problemas. Un parche de seguimiento elimina por completo esta compensaci\u00f3n in\u00fatil."
    }
  ],
  "id": "CVE-2024-38635",
  "lastModified": "2025-09-17T17:00:04.430",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-21T11:15:12.240",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.