CVE-2024-38635
Published: Jun 21, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds. A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well. A follow-up patch completely removes this useless offset.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 002364b2d594a9afc0385c09e00994c510b1d089affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 902f6d656441a511ac25c6cffce74496db10a078affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 2ebcaa0e5db9b6044bb487ae1cf41bc601761567affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7eeef1e935d23db5265233d92395bd5c648a4021+8 more versions |
Linux | Linux | unaffected 5.4.278 - <= 5.4.*unaffected 5.10.219 - <= 5.10.*unaffected 5.15.161 - <= 5.15.*unaffected 6.1.93 - <= 6.1.*unaffected 6.6.33 - <= 6.6.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now