cve-2024-50105
Vulnerability from cvelistv5
Published
2024-11-05 17:10
Modified
2024-12-19 09:33
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to
soundcards") moved the allocation of Soundwire stream runtime from the
Qualcomm Soundwire driver to each individual machine sound card driver,
except that it forgot to update SC7280 card.
Just like for other Qualcomm sound cards using Soundwire, the card
driver should allocate and release the runtime. Otherwise sound
playback will result in a NULL pointer dereference or other effect of
uninitialized memory accesses (which was confirmed on SDM845 having
similar issue).
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/qcom/Kconfig",
"sound/soc/qcom/sc7280.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "176a41ebec42a921277cd34e8c0c2e776a9dd6c4",
"status": "affected",
"version": "15c7fab0e0477d7d7185eac574ca43c15b59b015",
"versionType": "git"
},
{
"lessThan": "db7e59e6a39a4d3d54ca8197c796557e6d480b0d",
"status": "affected",
"version": "15c7fab0e0477d7d7185eac574ca43c15b59b015",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/qcom/Kconfig",
"sound/soc/qcom/sc7280.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\n\nCommit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to\nsoundcards\") moved the allocation of Soundwire stream runtime from the\nQualcomm Soundwire driver to each individual machine sound card driver,\nexcept that it forgot to update SC7280 card.\n\nJust like for other Qualcomm sound cards using Soundwire, the card\ndriver should allocate and release the runtime. Otherwise sound\nplayback will result in a NULL pointer dereference or other effect of\nuninitialized memory accesses (which was confirmed on SDM845 having\nsimilar issue)."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:33:11.792Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/176a41ebec42a921277cd34e8c0c2e776a9dd6c4"
},
{
"url": "https://git.kernel.org/stable/c/db7e59e6a39a4d3d54ca8197c796557e6d480b0d"
}
],
"title": "ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50105",
"datePublished": "2024-11-05T17:10:40.119Z",
"dateReserved": "2024-10-21T19:36:19.946Z",
"dateUpdated": "2024-12-19T09:33:11.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50105\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-05T18:15:14.063\",\"lastModified\":\"2024-11-12T15:06:14.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\\n\\nCommit 15c7fab0e047 (\\\"ASoC: qcom: Move Soundwire runtime stream alloc to\\nsoundcards\\\") moved the allocation of Soundwire stream runtime from the\\nQualcomm Soundwire driver to each individual machine sound card driver,\\nexcept that it forgot to update SC7280 card.\\n\\nJust like for other Qualcomm sound cards using Soundwire, the card\\ndriver should allocate and release the runtime. Otherwise sound\\nplayback will result in a NULL pointer dereference or other effect of\\nuninitialized memory accesses (which was confirmed on SDM845 having\\nsimilar issue).\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 (\\\"ASoC: qcom: Move Soundwire runtime stream alloc to soundcards\\\") movi\u00f3 la asignaci\u00f3n de tiempo de ejecuci\u00f3n de flujo Soundwire del controlador Qualcomm Soundwire al controlador de tarjeta de sonido de cada m\u00e1quina individual, excepto que olvid\u00f3 actualizar la tarjeta SC7280. Al igual que para otras tarjetas de sonido Qualcomm que usan Soundwire, el controlador de la tarjeta debe asignar y liberar el tiempo de ejecuci\u00f3n. De lo contrario, la reproducci\u00f3n de sonido dar\u00e1 como resultado una desreferencia de puntero NULL u otro efecto de accesos a memoria no inicializados (lo que se confirm\u00f3 en SDM845 que ten\u00eda un problema similar).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.8\",\"versionEndExcluding\":\"6.11.6\",\"matchCriteriaId\":\"2CAA29A6-36B4-4C90-A862-A816F65153DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/176a41ebec42a921277cd34e8c0c2e776a9dd6c4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/db7e59e6a39a4d3d54ca8197c796557e6d480b0d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.