CVE-2024-56657

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: control: Avoid WARN() for symlink errors

Using WARN() for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each control element creation. More badly, the use of WARN() rather confuses fuzzer as if it were serious issues.

This patch downgrades the warning messages to use the normal dev_err() instead of WARN(). For making it clearer, add the function name to the prefix, too.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa135dfb5de1501327895729b4f513370d2555b4d < 4e5a92a7223c83c1f5f2db6cd010ac9347948972affected
LinuxLinuxa135dfb5de1501327895729b4f513370d2555b4d < 365ee29e559269cbb2108c4cc05dd8e262b4e84eaffected
LinuxLinuxa135dfb5de1501327895729b4f513370d2555b4d < d5a1ca7b59804d6779644001a878ed925a4688caaffected
LinuxLinuxa135dfb5de1501327895729b4f513370d2555b4d < 36c0764474b637bbee498806485bed524cad486baffected
LinuxLinuxa135dfb5de1501327895729b4f513370d2555b4d < b2e538a9827dd04ab5273bf4be8eb2edb84357b0affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.67 <= 6.6.*unaffected
LinuxLinux6.12.6 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References