cve-2024-35842
Vulnerability from cvelistv5
Published
2024-05-17 14:27
Modified
2024-11-05 09:23
Severity ?
Summary
ASoC: mediatek: sof-common: Add NULL check for normal_link string
Impacted products
Vendor Product Version
Linux Linux Version: 6.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:41:43.431099Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:18.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/mediatek/common/mtk-dsp-sof-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cad471227a37",
              "status": "affected",
              "version": "0caf1120c583",
              "versionType": "git"
            },
            {
              "lessThan": "b1d3db6740d0",
              "status": "affected",
              "version": "0caf1120c583",
              "versionType": "git"
            },
            {
              "lessThan": "cde6ca5872bf",
              "status": "affected",
              "version": "0caf1120c583",
              "versionType": "git"
            },
            {
              "lessThan": "e3b3ec967a7d",
              "status": "affected",
              "version": "0caf1120c583",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/mediatek/common/mtk-dsp-sof-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: sof-common: Add NULL check for normal_link string\n\nIt\u0027s not granted that all entries of struct sof_conn_stream declare\na `normal_link` (a non-SOF, direct link) string, and this is the case\nfor SoCs that support only SOF paths (hence do not support both direct\nand SOF usecases).\n\nFor example, in the case of MT8188 there is no normal_link string in\nany of the sof_conn_stream entries and there will be more drivers\ndoing that in the future.\n\nTo avoid possible NULL pointer KPs, add a NULL check for `normal_link`."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:23:32.612Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd"
        },
        {
          "url": "https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed"
        }
      ],
      "title": "ASoC: mediatek: sof-common: Add NULL check for normal_link string",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35842",
    "datePublished": "2024-05-17T14:27:32.476Z",
    "dateReserved": "2024-05-17T13:50:33.104Z",
    "dateUpdated": "2024-11-05T09:23:32.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35842\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-17T15:15:21.237\",\"lastModified\":\"2024-11-21T09:21:01.483\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: mediatek: sof-common: Add NULL check for normal_link string\\n\\nIt\u0027s not granted that all entries of struct sof_conn_stream declare\\na `normal_link` (a non-SOF, direct link) string, and this is the case\\nfor SoCs that support only SOF paths (hence do not support both direct\\nand SOF usecases).\\n\\nFor example, in the case of MT8188 there is no normal_link string in\\nany of the sof_conn_stream entries and there will be more drivers\\ndoing that in the future.\\n\\nTo avoid possible NULL pointer KPs, add a NULL check for `normal_link`.\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: sof-common: Agregar verificaci\u00f3n NULL para la cadena normal_link No se garantiza que todas las entradas de la estructura sof_conn_stream declaren una cadena `normal_link` (un enlace directo no SOF) , y este es el caso de los SoC que solo admiten rutas SOF (por lo tanto, no admiten casos de uso directos y SOF). Por ejemplo, en el caso de MT8188 no hay una cadena normal_link en ninguna de las entradas de sof_conn_stream y habr\u00e1 m\u00e1s controladores que lo hagan en el futuro. Para evitar posibles KP de puntero NULL, agregue una verificaci\u00f3n NULL para `normal_link`.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.