CVE-2024-58077
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/03/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback

commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port"
log severity") ignores -EINVAL error message on common soc_pcm_ret().
It is used from many functions, ignoring -EINVAL is over-kill.

The reason why -EINVAL was ignored was it really should only be used
upon invalid parameters coming from userspace and in that case we don't
want to log an error since we do not want to give userspace a way to do
a denial-of-service attack on the syslog / diskspace.

So don't use soc_pcm_ret() on .prepare callback is better idea.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5.1 (including) | 6.6.78 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.5:rc7:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/301c26a018acb94dd537a4418cefa0f654500c6f
- https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee
- https://git.kernel.org/stable/c/8ec4e8c8e142933eaa8e1ed87168831069250e4e
- https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8d228284104bd26f
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html



