5.5

CVE-2024-39473

ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

If a process module does not have base config extension then the same
format applies to all of it's inputs and the process->base_config_ext is
NULL, causing NULL dereference when specifically crafted topology and
sequences used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.4
LinuxLinux Kernel Version >= 6.6 < 6.6.34
LinuxLinux Kernel Version >= 6.9 < 6.9.5
LinuxLinux Kernel Version6.10.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.113
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368
Patch
Mailing List
https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6
Patch
Mailing List
https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8
Patch
Mailing List