{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53061", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.975Z", "datePublished": "2024-11-19T17:22:32.189Z", "dateUpdated": "2025-03-13T17:53:49.672Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:38:14.431Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c"], "versions": [{"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c5f6fefcda8fac8f082b6c5bf416567f4e100c51", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "a930cddfd153b5d4401df0c01effa14c831ff21e", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c85db2d4432de4ff9d97006691ce2dcb5bda660e", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "784bc785a453eb2f8433dd62075befdfa1b2d6fd", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c951a0859fdacf49a2298b5551a7e52b95ff6f51", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "14a22762c3daeac59a5a534e124acbb4d7a79b3a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c"], "versions": [{"version": "4.4", "status": "affected"}, {"version": "0", "lessThan": "4.4", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.324", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.286", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.230", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.172", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.117", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.61", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51"}, {"url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b"}, {"url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef"}, {"url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e"}, {"url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e"}, {"url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd"}, {"url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51"}, {"url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a"}], "title": "media: s5p-jpeg: prevent buffer overflows", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-191", "lang": "en", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-13T01:39:25.933440Z", "id": "CVE-2024-53061", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T17:53:49.672Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53061", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.975Z", "datePublished": "2024-11-19T17:22:32.189Z", "dateUpdated": "2025-03-13T17:53:49.672Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:38:14.431Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c"], "versions": [{"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c5f6fefcda8fac8f082b6c5bf416567f4e100c51", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "a930cddfd153b5d4401df0c01effa14c831ff21e", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c85db2d4432de4ff9d97006691ce2dcb5bda660e", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "784bc785a453eb2f8433dd62075befdfa1b2d6fd", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "c951a0859fdacf49a2298b5551a7e52b95ff6f51", "status": "affected", "versionType": "git"}, {"version": "6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4", "lessThan": "14a22762c3daeac59a5a534e124acbb4d7a79b3a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/samsung/s5p-jpeg/jpeg-core.c"], "versions": [{"version": "4.4", "status": "affected"}, {"version": "0", "lessThan": "4.4", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.324", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.286", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.230", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.172", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.117", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.61", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51"}, {"url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b"}, {"url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef"}, {"url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e"}, {"url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e"}, {"url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd"}, {"url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51"}, {"url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a"}], "title": "media: s5p-jpeg: prevent buffer overflows", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-13T01:39:25.933440Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T16:03:49.000Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "304E5368-E4DF-4277-9ACF-AB3ADEB91CA4", "versionEndExcluding": "4.19.324", "versionStartIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9952C897-8A61-4D4B-9D6D-7D063E9EA15E", "versionEndExcluding": "5.4.286", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF5B32D0-72C9-41C3-A0BB-D4946153C134", "versionEndExcluding": "5.10.230", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88812664-4296-42AC-AE0F-ED71086C1BB1", "versionEndExcluding": "5.15.172", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DD7F755-2F6B-4707-8973-78496AD5AA8E", "versionEndExcluding": "6.1.117", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "630ED7EB-C97E-4435-B884-1E309E40D6F3", "versionEndExcluding": "6.6.61", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BD000F7-3DAD-4DD3-8906-98EA1EC67E95", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: s5p-jpeg: evitar desbordamientos de b\u00fafer La l\u00f3gica actual permite que word sea menor que 2. Si esto sucede, habr\u00e1 desbordamientos de b\u00fafer, como lo informa smatch. Agregue verificaciones adicionales para evitarlo. Mientras est\u00e9 aqu\u00ed, elimine una asignaci\u00f3n word = 0 sin usar."}], "id": "CVE-2024-53061", "lastModified": "2025-02-18T16:15:18.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-19T18:15:25.997", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-191"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: media: s5p-jpeg: prevent buffer overflows", "id": "2327385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327385"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-191", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmedia: s5p-jpeg: prevent buffer overflows\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\nWhile here, remove an unused word = 0 assignment."], "name": "CVE-2024-53061", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53061\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53061\nhttps://lore.kernel.org/linux-cve-announce/2024111931-CVE-2024-53061-a7a1@gregkh/T"], "threat_severity": "Moderate"}