CVE-2024-41056

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-41056

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41056.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-41056

Downstream

BELL-CVE-2024-41056

DEBIAN-CVE-2024-41056

DLA-4008-1

OESA-2024-1960

RHSA-2024:10771

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024:8157

RHSA-2024:8158

RHSA-2024:9315

RLSA-2024:7000

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

UBUNTU-CVE-2024-41056

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Related

Published

2024-07-29T15:15:13Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files

Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files.

In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing.

References

Affected packages