CVE-2024-42097 - Vulnerability Details

Link	Providers
https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab
https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3
https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69
https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14
https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f
https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e
https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6
https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2
https://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-42097-5a6a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42097
https://www.cve.org/CVERecord?id=CVE-2024-42097

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`	cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Weaknesses		CWE-20

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42097", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.173Z", "datePublished": "2024-07-29T17:39:32.470Z", "dateUpdated": "2025-05-04T09:22:56.455Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:22:56.455Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/synth/emux/soundfont.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "40d7def67841343c10f8642a41031fecbb248bab", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "79d9a000f0220cdaba1682d2a23c0d0c61d620a3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d23982ea9aa438f35a8c8a6305943e98a8db90f6", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7a18293fd8d8519c2f7a03753bc1583b18e3db69", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d0ff2443fcbb472206d45a5d2a90cc694065804e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "87039b83fb7bfd7d0e0499aaa8e6c049906b4d14", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "89b32ccb12ae67e630c6453d778ec30a592a212f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/synth/emux/soundfont.c"], "versions": [{"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.19.317"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.4.279"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.221"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.97"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.37"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.9.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"}, {"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"}, {"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"}, {"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"}, {"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"}, {"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"}, {"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"}, {"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"}], "title": "ALSA: emux: improve patch ioctl data validation", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.545Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42097", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:18.485738Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:00.102Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-42097 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-07-29T15:50:41.173Z (string)

datePublished : 2024-07-29T17:39:32.470Z (string)

dateUpdated : 2025-05-04T09:22:56.455Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:22:56.455Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : sound/synth/emux/soundfont.c (string)

]

versions : [ »

0 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 40d7def67841343c10f8642a41031fecbb248bab (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

status : affected (string)

versionType : git (string)

}

5 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

status : affected (string)

versionType : git (string)

}

6 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

status : affected (string)

versionType : git (string)

}

7 : { »

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 89b32ccb12ae67e630c6453d778ec30a592a212f (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : sound/synth/emux/soundfont.c (string)

]

versions : [ »

0 : { »

version : 4.19.317 (string)

lessThanOrEqual : 4.19.* (string)

status : unaffected (string)

versionType : semver (string)

}

1 : { »

version : 5.4.279 (string)

lessThanOrEqual : 5.4.* (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 5.10.221 (string)

lessThanOrEqual : 5.10.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 5.15.162 (string)

lessThanOrEqual : 5.15.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 6.1.97 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 6.6.37 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.9.8 (string)

lessThanOrEqual : 6.9.* (string)

status : unaffected (string)

versionType : semver (string)

}

7 : { »

version : 6.10 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 4.19.317 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.4.279 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.10.221 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 5.15.162 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.1.97 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.6.37 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.9.8 (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionEndExcluding : 6.10 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

}

1 : { »

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

}

5 : { »

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

}

]

title : ALSA: emux: improve patch ioctl data validation (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:54:32.545Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-42097 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:18:18.485738Z (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T17:33:00.102Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.545Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42097", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:18.485738Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.999Z"}}], "cna": {"title": "ALSA: emux: improve patch ioctl data validation", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "40d7def67841343c10f8642a41031fecbb248bab", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "79d9a000f0220cdaba1682d2a23c0d0c61d620a3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d23982ea9aa438f35a8c8a6305943e98a8db90f6", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7a18293fd8d8519c2f7a03753bc1583b18e3db69", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d0ff2443fcbb472206d45a5d2a90cc694065804e", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "87039b83fb7bfd7d0e0499aaa8e6c049906b4d14", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "89b32ccb12ae67e630c6453d778ec30a592a212f", "versionType": "git"}], "programFiles": ["sound/synth/emux/soundfont.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.317", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.279", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.221", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.162", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.97", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.37", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.8", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/synth/emux/soundfont.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"}, {"url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"}, {"url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"}, {"url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"}, {"url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"}, {"url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"}, {"url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"}, {"url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.317"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.279"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.221"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.162"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.97"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.37"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:22:56.455Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42097", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:22:56.455Z", "dateReserved": "2024-07-29T15:50:41.173Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T17:39:32.470Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

tags : [ »

0 : x_transferred (string)

]

}

5 : { »

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

tags : [ »

0 : x_transferred (string)

]

}

6 : { »

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

tags : [ »

0 : x_transferred (string)

]

}

7 : { »

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T04:54:32.545Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-42097 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-10T16:18:18.485738Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T12:42:13.999Z (string)

}

]

cna : { »

title : ALSA: emux: improve patch ioctl data validation (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 40d7def67841343c10f8642a41031fecbb248bab (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

versionType : git (string)

}

5 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

versionType : git (string)

}

6 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

versionType : git (string)

}

7 : { »

status : affected (string)

version : 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (string)

lessThan : 89b32ccb12ae67e630c6453d778ec30a592a212f (string)

versionType : git (string)

}

]

programFiles : [ »

0 : sound/synth/emux/soundfont.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : unaffected (string)

version : 4.19.317 (string)

versionType : semver (string)

lessThanOrEqual : 4.19.* (string)

}

1 : { »

status : unaffected (string)

version : 5.4.279 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.* (string)

}

2 : { »

status : unaffected (string)

version : 5.10.221 (string)

versionType : semver (string)

lessThanOrEqual : 5.10.* (string)

}

3 : { »

status : unaffected (string)

version : 5.15.162 (string)

versionType : semver (string)

lessThanOrEqual : 5.15.* (string)

}

4 : { »

status : unaffected (string)

version : 6.1.97 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

5 : { »

status : unaffected (string)

version : 6.6.37 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

6 : { »

status : unaffected (string)

version : 6.9.8 (string)

versionType : semver (string)

lessThanOrEqual : 6.9.* (string)

}

7 : { »

status : unaffected (string)

version : 6.10 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : sound/synth/emux/soundfont.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

}

1 : { »

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

}

2 : { »

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

}

5 : { »

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

}

6 : { »

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

}

7 : { »

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

}

]

x_generator : { »

engine : bippy-1.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. (string)

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

negate : false (boolean)

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 4.19.317 (string)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.4.279 (string)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.10.221 (string)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 5.15.162 (string)

}

4 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.1.97 (string)

}

5 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.6.37 (string)

}

6 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.9.8 (string)

}

7 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

vulnerable : true (boolean)

versionEndExcluding : 6.10 (string)

}

]

operator : OR (string)

}

]

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T09:22:56.455Z (string)

}

cveMetadata : { »

cveId : CVE-2024-42097 (string)

state : PUBLISHED (string)

dateUpdated : 2025-05-04T09:22:56.455Z (string)

dateReserved : 2024-07-29T15:50:41.173Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-07-29T17:39:32.470Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emux: improve patch ioctl data validation\n\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\n\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: emux: mejorar la validaci\u00f3n de datos del parche ioctl En load_data(), hacer que la validaci\u00f3n y la omisi\u00f3n del bloque de informaci\u00f3n principal coincidan con la de load_guspatch(). En load_guspatch(), agregue la verificaci\u00f3n de que la longitud del parche especificado coincida con los datos realmente proporcionados, como ya lo hizo load_data()."}], "id": "CVE-2024-42097", "lastModified": "2024-11-21T09:33:35.620", "metrics": {}, "published": "2024-07-29T18:15:12.167", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: emux: mejorar la validación de datos del parche ioctl En load_data(), hacer que la validación y la omisión del bloque de información principal coincidan con la de load_guspatch(). En load_guspatch(), agregue la verificación de que la longitud del parche especificado coincida con los datos realmente proporcionados, como ya lo hizo load_data(). (string)

}

]

id : CVE-2024-42097 (string)

lastModified : 2024-11-21T09:33:35.620 (string)

metrics : { *empty* }

published : 2024-07-29T18:15:12.167 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

}

5 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

}

6 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

}

7 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/79d9a000f0220cdaba1682d2a23c0d0c61d620a3 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/7a18293fd8d8519c2f7a03753bc1583b18e3db69 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/87039b83fb7bfd7d0e0499aaa8e6c049906b4d14 (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/89b32ccb12ae67e630c6453d778ec30a592a212f (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/d0ff2443fcbb472206d45a5d2a90cc694065804e (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/d23982ea9aa438f35a8c8a6305943e98a8db90f6 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.kernel.org/stable/c/d8f5ce3cb9adf0c72e2ad6089aba02d7a32469c2 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Awaiting Analysis (string)

}

Show plain JSON

{"bugzilla": {"description": "kernel: ALSA: emux: improve patch ioctl data validation", "id": "2300715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300715"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: emux: improve patch ioctl data validation\nIn load_data(), make the validation of and skipping over the main info\nblock match that in load_guspatch().\nIn load_guspatch(), add checking that the specified patch length matches\nthe actually supplied data, like load_data() already did.", "A missed validation flaw was found in the Linux Kernel's MIDI sequencer and router support functionality. This issue could allow a local user to crash the system."], "name": "CVE-2024-42097", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42097\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42097\nhttps://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-42097-5a6a@gregkh/T"], "threat_severity": "Low"}

{

bugzilla : { »

description : kernel: ALSA: emux: improve patch ioctl data validation (string)

id : 2300715 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2300715 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.7 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-20 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. (string)

1 : A missed validation flaw was found in the Linux Kernel's MIDI sequencer and router support functionality. This issue could allow a local user to crash the system. (string)

]

name : CVE-2024-42097 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Fix deferred (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-07-29T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-42097 https://nvd.nist.gov/vuln/detail/CVE-2024-42097 https://lore.kernel.org/linux-cve-announce/2024072911-CVE-2024-42097-5a6a@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object