CVE-2024-58077

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

06/03/2025

Last modified:

19/06/2025

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don&#39;t use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don&#39;t want to log an error since we do not want to give userspace a way to do a denial-of-service attack on the syslog / diskspace. So don&#39;t use soc_pcm_ret() on .prepare callback is better idea.

Impact

References to Advisories, Solutions, and Tools

https://git.kernel.org/stable/c/301c26a018acb94dd537a4418cefa0f654500c6f
https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee
https://git.kernel.org/stable/c/8ec4e8c8e142933eaa8e1ed87168831069250e4e
https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8d228284104bd26f