CVE-2024-53045

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-53045
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53045.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-53045
Downstream
Related
Published
2024-11-19T18:15:24Z
Modified
2025-08-09T20:01:25Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: dapm: fix bounds checker error in dapmwidgetlist_create

The widgets array in the sndsocdapmwidgetlist has a _countedby attribute attached to it, which points to the numwidgets variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIGUBSAN_TRAP is set.

This patch sets the size of the widgets list calculated with listforeach as the initial value for num_widgets as it is used for allocating memory for the array. It is updated with the actual number of added elements after the array is filled.

References

Affected packages