CVE-2024-50105

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
05/11/2024
Last modified:
12/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc<br /> <br /> Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to<br /> soundcards") moved the allocation of Soundwire stream runtime from the<br /> Qualcomm Soundwire driver to each individual machine sound card driver,<br /> except that it forgot to update SC7280 card.<br /> <br /> Just like for other Qualcomm sound cards using Soundwire, the card<br /> driver should allocate and release the runtime. Otherwise sound<br /> playback will result in a NULL pointer dereference or other effect of<br /> uninitialized memory accesses (which was confirmed on SDM845 having<br /> similar issue).

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.8 (including) 6.11.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*