CVE-2024-38605

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 19/06/2024
Last modified: 01/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: core: Fix NULL module pointer assignment at card init

The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the caller is also built-in or not. Namely, when only the sound core is built-in (CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), the passed module pointer is ignored even if it's non-NULL, and card->module remains as NULL. This would result in the missing module reference up/down at the device open/close, leading to a race with the code execution after the module removal.

For addressing the bug, move the assignment of card->module again out of ifdef. The WARN_ON() is still wrapped with ifdef because the module can be really NULL when all sound drivers are built-in.

Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would lead to a false-positive NULL module check. Admittedly it won't catch perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no real problem as it's only for debugging, and the condition is pretty rare.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.9 (including) 5.10.219 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.161 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.33 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.12 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.9 (including) 6.9.3 (excluding)
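
The following triage check is an added example, not part of the advisory or of the kernel sources. It combines the version ranges listed above with the build condition from the description (sound core built in, sound driver built as a module). It assumes the release string carries the upstream version (distribution kernels with backported fixes need the vendor's advisory instead), treats any CONFIG_SND_*=m option as a modular sound driver as a heuristic, and uses hypothetical function names and a constructed .config sample.

```python
import re

# Affected upstream ranges from the table above: (first affected, first fixed).
AFFECTED = [("5.9", "5.10.219"), ("5.11", "5.15.161"), ("5.16", "6.1.93"),
            ("6.2", "6.6.33"), ("6.7", "6.8.12"), ("6.9", "6.9.3")]

# Constructed sample of a kernel .config fragment (not from a real system).
SAMPLE_CONFIG = """\
CONFIG_SOUND=y
CONFIG_SND=y
CONFIG_SND_PCM=y
# CONFIG_SND_DUMMY is not set
CONFIG_SND_USB_AUDIO=m
"""

def parse_version(text):
    """Return (major, minor, patch) from a string such as '6.1.90-1-amd64'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    """True if the version is >= a range start and < that range's fixed version."""
    v = parse_version(release)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED)

def config_precondition(config_text):
    """Return (core_builtin, modular_options) from kernel .config text."""
    opts = dict(re.findall(r"^(CONFIG_SND(?:_\w+)?)=([ym])$", config_text, re.M))
    modular = sorted(k for k, v in opts.items() if k != "CONFIG_SND" and v == "m")
    return opts.get("CONFIG_SND") == "y", modular

def assess(release, config_text):
    """Combine the version range and the CONFIG_SND=y + modular driver condition."""
    if not in_affected_range(release):
        return "not in affected range"
    core_builtin, modular = config_precondition(config_text)
    if core_builtin and modular:
        return "affected: CONFIG_SND=y with modular " + ", ".join(modular)
    return "in affected range, precondition not met"

if __name__ == "__main__":
    print(assess("6.1.90", SAMPLE_CONFIG))
```

On a running system the inputs would typically be the output of `uname -r` and the contents of the kernel's build configuration file.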