CVE-2024-50160

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/cs8409: Fix possible NULL dereference

If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line.

Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux20e507724113300794f16884e7e7507d9b4dec68 < 4e19aca8db696b6ba4dd8c73657405e15c695f14affected
LinuxLinux20e507724113300794f16884e7e7507d9b4dec68 < 21dc97d5086fdabbe278786bb0a03cbf2e26c793affected
LinuxLinux20e507724113300794f16884e7e7507d9b4dec68 < 8971fd61210d75fd2af225621cd2fcc87eb1847caffected
LinuxLinux20e507724113300794f16884e7e7507d9b4dec68 < a5dd71a8b849626f42d08a5e73d382f2016fc7bcaffected
LinuxLinux20e507724113300794f16884e7e7507d9b4dec68 < c9bd4a82b4ed32c6d1c90500a52063e6e341517faffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.170 <= 5.15.*unaffected
LinuxLinux6.1.115 <= 6.1.*unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References