Sound Card Driver Vulnerability in Mediatek Devices
CVE-2024-56685

Currently unrated

Key Information:

Vendor
Mediatek
Vendor
CVE Published:
28 December 2024

Summary

A significant vulnerability affecting sound card drivers in Mediatek's platforms may lead to kernel panic when probing devices due to improper handling of dummy codecs. In specific instances involving mt8188 and mt8195 drivers, attempts to access codec fields when no valid codec is available can result in null pointer dereference, thereby compromising system stability. The root cause lies in the initialization of dummy component arrays which may be left uninitialized at probe time. Affected drivers must ensure that the number of codecs is verified before dereferencing any codec information to prevent undefined behavior during initialization.

References

Timeline

  • Vulnerability published

.