CVE-2024-50292

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d […] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]

To avoid this issue, release channel only if the pointer is valid.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 3a977b554f668382dfba31fd62e4cce4fe5643dbaffected
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 0d75f887aabd80cf37ea48d28f159afa7850ea28affected
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 4f1d74f74752eab8af6b8b28797dc6490d57374caffected
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 23bdbd1ef3e063e03d3c50c15a591b005ebbae39affected
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 22ae9321054cf7f36c537702af133659f51a0b88affected
LinuxLinux794df9448edb55978e50372f083aeedade1b2844 < 9bb4af400c386374ab1047df44c508512c08c31faffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.230 <= 5.10.*unaffected
LinuxLinux5.15.172 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References