CVE-2024-50292

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28	Patch
https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88	Patch
https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39	Patch
https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db	Patch
https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c	Patch
https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::

History

07 Jan 2025, 16:10

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28 -~~	() https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28 - Patch
References	~~() https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88 -~~	() https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88 - Patch
References	~~() https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39 -~~	() https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39 - Patch
References	~~() https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db -~~	() https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db - Patch
References	~~() https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c -~~	() https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c - Patch
References	~~() https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f -~~	() https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f - Patch
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
First Time		Linux linux Kernel Linux

19 Nov 2024, 21:57

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: stm32: spdifrx: corrige la liberación del canal DMA en stm32_spdifrx_remove En caso de error al solicitar el canal DMA ctrl_chan, ctrl_chan no es nulo. Por lo tanto, la liberación del canal DMA genera el siguiente problema: [4.879000] st,stm32-spdifrx 500d0000.audio-controller: error dma_request_slave_channel -19 [4.888975] No se puede manejar la desreferencia del puntero NULL del núcleo en la dirección virtual 000000000000003d [...] [5.096577] Rastreo de llamadas: [5.099099] dma_release_channel+0x24/0x100 [5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] Para evitar este problema, libere el canal solo si el puntero es válido.

19 Nov 2024, 02:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-19 02:16

Updated : 2025-01-07 16:10

NVD link : CVE-2024-50292

Mitre link : CVE-2024-50292

CVE.ORG link : CVE-2024-50292

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10