CVE-2024-53045

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53045

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53045.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-53045

Downstream

BELL-CVE-2024-53045

DEBIAN-CVE-2024-53045

SUSE-SU-2024:4314-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4387-1

UBUNTU-CVE-2024-53045

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Related

Published

2024-11-19T18:15:24Z

Modified

2025-08-09T20:01:25Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: dapm: fix bounds checker error in dapmwidgetlist_create

The widgets array in the sndsocdapmwidgetlist has a _countedby attribute attached to it, which points to the numwidgets variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIGUBSAN_TRAP is set.

This patch sets the size of the widgets list calculated with listforeach as the initial value for num_widgets as it is used for allocating memory for the array. It is updated with the actual number of added elements after the array is filled.

References

Affected packages