7.7

CVE-2024-36955

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

The documentation for device_get_named_child_node() mentions this
important point:

"
The caller is responsible for calling fwnode_handle_put() on the
returned fwnode pointer.
"

Add fwnode_handle_put() to avoid a leaked reference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.12 < 5.15.159
LinuxLinux Kernel Version >= 5.16 < 6.1.91
LinuxLinux Kernel Version >= 6.2 < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
LinuxLinux Kernel Version6.9 Updaterc3
LinuxLinux Kernel Version6.9 Updaterc4
LinuxLinux Kernel Version6.9 Updaterc5
LinuxLinux Kernel Version6.9 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.152
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.7 2.5 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e
Patch
https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf
Patch
https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07
Patch
https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377
Patch
https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a
Patch