CVE-2024-50104

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 05/11/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: sdm845: add missing soundwire runtime stream alloc

During the migration of Soundwire runtime stream allocation from
the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845
soundcard was forgotten.

At this point any playback attempt or audio daemon startup, for instance
on sdm845-db845c (Qualcomm RB3 board), will result in stream pointer
NULL dereference:

    Unable to handle kernel NULL pointer dereference at virtual
    address 0000000000000020
    Mem abort info:
    ESR = 0x0000000096000004
    EC = 0x25: DABT (current EL), IL = 32 bits
    SET = 0, FnV = 0
    EA = 0, S1PTW = 0
    FSC = 0x04: level 0 translation fault
    Data abort info:
    ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
    CM = 0, WnR = 0, TnD = 0, TagAccess = 0
    GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
    user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101ecf000
    [0000000000000020] pgd=0000000000000000, p4d=0000000000000000
    Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
    Modules linked in: ...
    CPU: 5 UID: 0 PID: 1198 Comm: aplay
    Not tainted 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18
    Hardware name: Thundercomm Dragonboard 845c (DT)
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
    lr : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
    sp : ffff80008a2035c0
    x29: ffff80008a2035c0 x28: ffff80008a203978 x27: 0000000000000000
    x26: 00000000000000c0 x25: 0000000000000000 x24: ffff1676025f4800
    x23: ffff167600ff1cb8 x22: ffff167600ff1c98 x21: 0000000000000003
    x20: ffff167607316000 x19: ffff167604e64e80 x18: 0000000000000000
    x17: 0000000000000000 x16: ffffcec265074160 x15: 0000000000000000
    x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
    x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
    x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff167600ff1cec
    x5 : ffffcec22cfa2010 x4 : 0000000000000000 x3 : 0000000000000003
    x2 : ffff167613f836c0 x1 : 0000000000000000 x0 : ffff16761feb60b8
    Call trace:
    sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
    wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x]
    snd_soc_dai_hw_params+0x3c/0xa4
    __soc_pcm_hw_params+0x230/0x660
    dpcm_be_dai_hw_params+0x1d0/0x3f8
    dpcm_fe_dai_hw_params+0x98/0x268
    snd_pcm_hw_params+0x124/0x460
    snd_pcm_common_ioctl+0x998/0x16e8
    snd_pcm_ioctl+0x34/0x58
    __arm64_sys_ioctl+0xac/0xf8
    invoke_syscall+0x48/0x104
    el0_svc_common.constprop.0+0x40/0xe0
    do_el0_svc+0x1c/0x28
    el0_svc+0x34/0xe0
    el0t_64_sync_handler+0x120/0x12c
    el0t_64_sync+0x190/0x194
    Code: aa0403fb f9418400 9100e000 9400102f (f8420f22)
    ---[ end trace 0000000000000000 ]---

    0000000000006108 :
    6108: d503233f paciasp
    610c: a9b97bfd stp x29, x30, [sp, #-112]!
    6110: 910003fd mov x29, sp
    6114: a90153f3 stp x19, x20, [sp, #16]
    6118: a9025bf5 stp x21, x22, [sp, #32]
    611c: aa0103f6 mov x22, x1
    6120: 2a0303f5 mov w21, w3
    6124: a90363f7 stp x23, x24, [sp, #48]
    6128: aa0003f8 mov x24, x0
    612c: aa0203f7 mov x23, x2
    6130: a9046bf9 stp x25, x26, [sp, #64]
    6134: aa0403f9 mov x25, x4

Vulnerable products and versions

CPE                                                  From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*         6.8 (including)   6.11.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*
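
As an added example (not part of this record or of the kernel project's code), the Python check below tests a `uname -r` style release string against the version ranges listed above. How -rc builds between 6.8 and 6.11.6 are treated is an assumption of this example, and a match only says the version is in the listed range: a vendor kernel may carry the fix as a backport, and the description concerns the sdm845 soundcard specifically.

```python
import re

# Ranges copied from the "Vulnerable products and versions" table on this page.
AFFECTED_FROM = (6, 8, 0)        # 6.8 (including)
AFFECTED_BEFORE = (6, 11, 6)     # 6.11.6 (excluding)
AFFECTED_612_RCS = {1, 2, 3, 4}  # 6.12-rc1 .. 6.12-rc4

# major.minor[.patch][-rcN]; anything after that (distro or build suffix) is ignored.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Split a `uname -r` style string into ((major, minor, patch), rc_or_None)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), (int(rc) if rc else None)


def in_listed_range(release):
    """True if the release falls inside the ranges this record lists."""
    version, rc = parse_release(release)
    if rc is not None:
        if version == (6, 12, 0):
            return rc in AFFECTED_612_RCS
        # Assumption of this example: X.Y-rcN sorts before X.Y final, so
        # 6.8-rcN is outside the range while 6.9-rcN .. 6.11-rcN are inside.
        return AFFECTED_FROM < version < AFFECTED_BEFORE
    return AFFECTED_FROM <= version < AFFECTED_BEFORE


if __name__ == "__main__":
    # Constructed samples, except the first, which is the release string
    # shown in the crash log on this page.
    samples = [
        "6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty",
        "6.11.5",
        "6.11.6",
        "6.8.0-45-generic",
        "6.12-rc5",
        "6.1.0-18-arm64",
    ]
    for s in samples:
        print(f"{s:55} in listed range: {in_listed_range(s)}")
```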