Denial of Service Risk in Linux Kernel's ASoC Component
CVE-2024-58077

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 March 2025

Summary

A vulnerability exists in the ASoC component of the Linux kernel, specifically related to the improper handling of the soc_pcm_ret() function in the .prepare callback. This oversight could potentially allow an attacker to flood the syslog with error messages, leading to a denial-of-service condition by consuming excessive disk space and performance resources. The resolution involves ensuring that the soc_pcm_ret() function is not used in contexts where error messages are irrelevant or might expose the system to misuse, thus improving the overall stability and security of the audio subsystem.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 90778f31efdf44622065ebbe8d228284104bd26f

References

https://git.kernel.org/stable/c/b65ba768302adc7ddc7081111...

https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9...

https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8...

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Mar 6, 2025