CVE-2024-38635

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved:

soundwire: cadence: fix invalid PDI offset

For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds.

A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well.

A follow-up patch completely removes this useless offset.

CVSS3: 5.5


Vendor State

OS                      Vendor version            Errata
Ubuntu 20.04            5.4.0-192.212             USN-6951-1
Oracle Linux 7 UEK 6    5.4.17-2136.334.6.el7uek  ELSA-2024-12581
Oracle Linux 8 UEK 6    5.4.17-2136.334.6.el8uek  ELSA-2024-12581
Ubuntu 20.04 AWS        5.4.0-1130.140            USN-6951-1
Debian 11               5.10.221-1                DSA-5730-1
Ubuntu 22.04            5.15.0-121.131            USN-7007-1
Ubuntu 22.04 AWS        5.15.0-1069.75            USN-7007-1
Ubuntu 22.04 Azure      5.15.0-1072.81            USN-7009-1
RHEL 9                  5.14.0-503.11.1.el9_5     RHSA-2024:9315
Debian 11 cloud         5.10.221-1                DSA-5730-1
Ubuntu 20.04 HWE AWS    5.15.0-1069.75~20.04.1    USN-7007-1
Ubuntu 20.04 HWE Azure  5.15.0-1072.81~20.04.1    USN-7009-1
Ubuntu 20.04 GCP        5.4.0-1134.143            USN-6951-1
Ubuntu 24.04            6.8.0-44.44               USN-6999-1

KernelCare State

OS                      Original kernel version   State
Ubuntu 20.04                                      In Progress
Oracle Linux 7 UEK 6    5.4.17-2011.2.2.el7uek    Will Not Fix
Oracle Linux 8 UEK 6    5.4.17-2011.2.2.el8uek    Will Not Fix
Ubuntu 20.04 AWS                                  In Progress
Debian 11                                         In Progress
Ubuntu 22.04                                      In Progress
Ubuntu 22.04 AWS                                  In Progress
Ubuntu 22.04 Azure                                Planned
RHEL 9                                            Planned
Debian 11 cloud                                   In Progress
Ubuntu 20.04 HWE AWS                              In Progress
Ubuntu 20.04 HWE Azure                            Planned
Ubuntu 20.04 GCP                                  In Progress
Debian 12                                         Planned
Ubuntu 24.04                                      Planned