CVE-2024-41069

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: topology: Fix references to freed memory

Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup(), to allocate memory as needed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7df04ea7a31eaa75bdad2905f07cc097b15558ee < b188d7f3dfab10e332e3c1066e18857964a520d2affected
LinuxLinux7df04ea7a31eaa75bdad2905f07cc097b15558ee < ab5a6208b4d6872b1c6ecea1867940fc668cc76daffected
LinuxLinux7df04ea7a31eaa75bdad2905f07cc097b15558ee < ccae5c6a1fab9494c86b7856faf05e296c617702affected
LinuxLinux7df04ea7a31eaa75bdad2905f07cc097b15558ee < 97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1affected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux6.1.101 <= 6.1.*unaffected
LinuxLinux6.6.42 <= 6.6.*unaffected
LinuxLinux6.9.11 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References