5.5

CVE-2024-38551

ASoC: mediatek: Assign dummy when codec not specified for a DAI link

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: Assign dummy when codec not specified for a DAI link

MediaTek sound card drivers are checking whether a DAI link is present
and used on a board to assign the correct parameters and this is done
by checking the codec DAI names at probe time.

If no real codec is present, assign the dummy codec to the DAI link
to avoid NULL pointer during string comparison.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.3 < 6.6.33
LinuxLinux Kernel Version >= 6.7 < 6.8.12
LinuxLinux Kernel Version >= 6.9 < 6.9.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.143
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9
Patch
https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8
Patch
https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158
Patch
https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226
Patch