CVE-2024-50104
Vulnerability from cvelistv5
Published: 2024-11-05 17:10
Modified: 2024-12-19 09:33
Summary
In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: sdm845: add missing soundwire runtime stream alloc

During the migration of Soundwire runtime stream allocation from
the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845
soundcard was forgotten.

At this point any playback attempt or audio daemon startup, for instance
on sdm845-db845c (Qualcomm RB3 board), will result in stream pointer
NULL dereference:

Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000020
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101ecf000
[0000000000000020] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in: ...
CPU: 5 UID: 0 PID: 1198 Comm: aplay
Not tainted 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18
Hardware name: Thundercomm Dragonboard 845c (DT)
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
lr : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
sp : ffff80008a2035c0
x29: ffff80008a2035c0 x28: ffff80008a203978 x27: 0000000000000000
x26: 00000000000000c0 x25: 0000000000000000 x24: ffff1676025f4800
x23: ffff167600ff1cb8 x22: ffff167600ff1c98 x21: 0000000000000003
x20: ffff167607316000 x19: ffff167604e64e80 x18: 0000000000000000
x17: 0000000000000000 x16: ffffcec265074160 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff167600ff1cec
x5 : ffffcec22cfa2010 x4 : 0000000000000000 x3 : 0000000000000003
x2 : ffff167613f836c0 x1 : 0000000000000000 x0 : ffff16761feb60b8
Call trace:
sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x]
snd_soc_dai_hw_params+0x3c/0xa4
__soc_pcm_hw_params+0x230/0x660
dpcm_be_dai_hw_params+0x1d0/0x3f8
dpcm_fe_dai_hw_params+0x98/0x268
snd_pcm_hw_params+0x124/0x460
snd_pcm_common_ioctl+0x998/0x16e8
snd_pcm_ioctl+0x34/0x58
__arm64_sys_ioctl+0xac/0xf8
invoke_syscall+0x48/0x104
el0_svc_common.constprop.0+0x40/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x34/0xe0
el0t_64_sync_handler+0x120/0x12c
el0t_64_sync+0x190/0x194
Code: aa0403fb f9418400 9100e000 9400102f (f8420f22)
---[ end trace 0000000000000000 ]---
0000000000006108 <sdw_stream_add_slave>:
6108: d503233f paciasp
610c: a9b97bfd stp x29, x30, [sp, #-112]!
6110: 910003fd mov x29, sp
6114: a90153f3 stp x19, x20, [sp, #16]
6118: a9025bf5 stp x21, x22, [sp, #32]
611c: aa0103f6 mov x22, x1
6120: 2a0303f5 mov w21, w3
6124: a90363f7 stp x23, x24, [sp, #48]
6128: aa0003f8 mov x24, x0
612c: aa0203f7 mov x23, x2
6130: a9046bf9 stp x25, x26, [sp, #64]
6134: aa0403f9 mov x25, x4 <-- x4 copied to x25
6138: a90573fb stp x27, x28, [sp, #80]
613c: aa0403fb mov x27, x4
6140: f9418400 ldr x0, [x0, #776]
6144: 9100e000 add x0, x0, #0x38
6148: 94000000 bl 0 <mutex_lock>
614c: f8420f22 ldr x2, [x25, #32]! <-- offset 0x44
^^^
This is 0x6108 + offset 0x44 from the beginning of sdw_stream_add_slave()
where data abort happens.
wsa881x_hw_params() is called with stream = NULL and passes it further
in register x4 (5th argu
---truncated---
References
- https://git.kernel.org/stable/c/fc34d36879f87e5a3813fb66655b8bdb90c7b0d8
- https://git.kernel.org/stable/c/d0e806b0cc6260b59c65e606034a63145169c04c
Impacted products
- Vendor: Linux, product: Linux
- Repository: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Program file: sound/soc/qcom/sdm845.c
- Affected (git): from 15c7fab0e0477d7d7185eac574ca43c15b59b015, before fc34d36879f87e5a3813fb66655b8bdb90c7b0d8
- Affected (git): from 15c7fab0e0477d7d7185eac574ca43c15b59b015, before d0e806b0cc6260b59c65e606034a63145169c04c
- Affected: 6.8
- Unaffected: versions before 6.8
- Unaffected: 6.11.6 and later 6.11.* releases
- Unaffected: 6.12 and later (original commit for fix)
CVE record metadata
- CVE ID: CVE-2024-50104
- Assigner: Linux
- State: PUBLISHED
- Date reserved: 2024-10-21T19:36:19.946Z
- Date published: 2024-11-05T17:10:39.471Z
- Date updated: 2024-12-19T09:33:10.534Z
NVD
- Status: Analyzed (published 2024-11-05T18:15:13.993, last modified 2024-11-12T15:05:45.587)
- CVSS 3.1: 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (exploitability score 1.8, impact score 3.6)
- Weakness: CWE-476
- Vulnerable configurations (cpe:2.3:o:linux:linux_kernel): from 6.8 (including) up to 6.11.6 (excluding); 6.12 rc1, rc2, rc3, rc4