CVE-2024-41069
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
29/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ASoC: topology: Fix references to freed memory<br />
<br />
Most users after parsing a topology file, release memory used by it, so<br />
having pointer references directly into topology file contents is wrong.<br />
Use devm_kmemdup(), to allocate memory as needed.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.101 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.42 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1
- https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d
- https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2
- https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702
- https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1
- https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d
- https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2
- https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html