5.5

CVE-2024-50160

ALSA: hda/cs8409: Fix possible NULL dereference

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/cs8409: Fix possible NULL dereference

If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then
NULL pointer dereference will occur in the next line.

Since dolphin_fixups function is a hda_fixup function which is not supposed
to return any errors, add simple check before dereference, ignore the fail.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.170
LinuxLinux Kernel Version >= 5.16 < 6.1.115
LinuxLinux Kernel Version >= 6.2 < 6.6.59
LinuxLinux Kernel Version >= 6.7 < 6.11.6
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.118
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793
Patch
https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14
Patch
https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c
Patch
https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc
Patch
https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html