CVE-2024-50105
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
05/11/2024
Last modified:
12/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc<br />
<br />
Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to<br />
soundcards") moved the allocation of Soundwire stream runtime from the<br />
Qualcomm Soundwire driver to each individual machine sound card driver,<br />
except that it forgot to update SC7280 card.<br />
<br />
Just like for other Qualcomm sound cards using Soundwire, the card<br />
driver should allocate and release the runtime. Otherwise sound<br />
playback will result in a NULL pointer dereference or other effect of<br />
uninitialized memory accesses (which was confirmed on SDM845 having<br />
similar issue).
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.11.6 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page