Resolved vulnerability in Linux kernel's ASoC Driver
CVE-2024-50292

5.5MEDIUM

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
19 November 2024

What is CVE-2024-50292?

In the Linux kernel, the following vulnerability has been resolved:

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]

To avoid this issue, release channel only if the pointer is valid.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 794df9448edb55978e50372f083aeedade1b2844 < 3a977b554f668382dfba31fd62e4cce4fe5643db

Linux 794df9448edb55978e50372f083aeedade1b2844 < 0d75f887aabd80cf37ea48d28f159afa7850ea28

Linux 794df9448edb55978e50372f083aeedade1b2844 < 4f1d74f74752eab8af6b8b28797dc6490d57374c

References

https://git.kernel.org/stable/c/3a977b554f668382dfba31fd6...
https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28...
https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b287...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.