CVE-2024-40964

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()

The cs35l41_hda_unbind() function clears the hda_component entry matching it's index and then dereferences the codec pointer held in the first element of the hda_component array, this is an issue when the device index was 0.

Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1 < ff27bd8e17884f7cdefecb3f3817caadd6813dc0affected
LinuxLinux7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1 < 19be722369c347f3af1c5848e303980ed040b819affected
LinuxLinux7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1 < 6386682cdc8b41319c92fbbe421953e33a28840caffected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.36 <= 6.6.*unaffected
LinuxLinux6.9.7 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References