CVE-2024-50103
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
05/11/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()<br />
<br />
A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could<br />
possibly return NULL pointer. NULL Pointer Dereference may be<br />
triggerred without addtional check.<br />
Add a NULL check for the returned pointer.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10 (including) | 5.15.170 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.115 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.59 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/03c9c2c2d2d0fe203dfe8f56bedbcf04e303d7c4
- https://git.kernel.org/stable/c/1e235d02d803660777ec911a2c467ae41f8539f5
- https://git.kernel.org/stable/c/49da1463c9e3d2082276c3e0e2a8b65a88711cd2
- https://git.kernel.org/stable/c/73cc3f905ca9aa95694eea3dfa1acadc90686368
- https://git.kernel.org/stable/c/a8e691fe1894c8bdf815a6171ee22ae7da8b18aa
- https://git.kernel.org/stable/c/e19bf49e903337641fc230d430d49813e3199902
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html