CVE-2024-43818

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: Adjust error handling in case of absent codec device

acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check just emit error message, but doesn't perform return. Then this NULL pointer is passed to devm_acpi_dev_add_driver_gpios() where it is dereferenced.

Adjust this error handling by adding error code return.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux02527c3f2300100a25524c8c020d98c7957e485e < 1ba9856cf7f6492b47c1edf853137f320d583db5affected
LinuxLinux02527c3f2300100a25524c8c020d98c7957e485e < 99b642dac24f6d09ba3ebf1d690be8aefff86164affected
LinuxLinux02527c3f2300100a25524c8c020d98c7957e485e < b1173d64edd276c957b6d09e1f971c85b38f1519affected
LinuxLinux02527c3f2300100a25524c8c020d98c7957e485e < 5080808c3339de2220c602ab7c7fa23dc6c1a5a3affected
LinuxLinux6.0affected
LinuxLinux0 < 6.0unaffected
LinuxLinux6.1.103 <= 6.1.*unaffected
LinuxLinux6.6.44 <= 6.6.*unaffected
LinuxLinux6.10.3 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References