Use-After-Free Bug in snd_pcm_suspend_all() in Linux Kernel
CVE-2024-46798

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 September 2024

What is CVE-2024-46798?

A use-after-free vulnerability in the Linux kernel affects the snd_soc_pcm_runtime object and surfaces primarily when the kernel is built with specific KASAN configuration options. During system suspend, snd_pcm_suspend_all() attempts to access a snd_soc_pcm_runtime object that has already been freed, and the invalid access shows up as errors in the kernel logs. The flaw is a memory-management error, and the fix ensures that the substream runtime pointer is set to NULL when the runtime is deallocated. This critical update mitigates potential risks to system stability and application functionality.
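The pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: a release path that leaves the substream's runtime pointer dangling, next to one that clears it. All type and function names are hypothetical, and the model assumes the suspend walk skips substreams whose runtime pointer is NULL.

```c
/* Added illustration: user-space model, not kernel code. All names are
 * hypothetical stand-ins for the objects named in the advisory. A "live"
 * flag replaces kfree() so a stale access is well-defined and countable. */
#include <stddef.h>

struct rt_model { int live; int suspended; };   /* stands in for the runtime */
struct substream_model { struct rt_model *runtime; };

/* "Before": the object is released but the substream still points at it. */
static void release_before(struct substream_model *s)
{
    s->runtime->live = 0;
}

/* "After": release, then clear the pointer so later walkers can skip it. */
static void release_after(struct substream_model *s)
{
    s->runtime->live = 0;
    s->runtime = NULL;
}

/* Suspend walk: skips substreams without a runtime and returns how many
 * released objects it touched (each one is what KASAN would report). */
static int suspend_all_model(struct substream_model *subs, size_t n)
{
    int stale = 0;
    for (size_t i = 0; i < n; i++) {
        struct rt_model *rt = subs[i].runtime;
        if (!rt)
            continue;
        if (!rt->live)
            stale++;            /* use-after-free in the real kernel */
        else
            rt->suspended = 1;
    }
    return stale;
}

/* Constructed scenario: two substreams, the second released before suspend. */
static int run_scenario(int fixed, int *suspended)
{
    struct rt_model rts[2] = { { 1, 0 }, { 1, 0 } };
    struct substream_model subs[2] = { { &rts[0] }, { &rts[1] } };
    (fixed ? release_after : release_before)(&subs[1]);
    int stale = suspend_all_model(subs, 2);
    *suspended = rts[0].suspended + rts[1].suspended;
    return stale;
}
```

Calling run_scenario(0, ...) reports one stale access, while run_scenario(1, ...) reports none and still suspends the live substream.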

Affected Version(s)

Linux a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 < 993b60c7f93fa1d8ff296b58f646a867e945ae89

Linux a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 < 8ca21e7a27c66b95a4b215edc8e45e5d66679f9f

Linux a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 < 3033ed903b4f28b5e1ab66042084fbc2c48f8624

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
