5.5
CVE-2024-50160
- EPSS 0.22%
- Veröffentlicht 07.11.2024 10:15:07
- Zuletzt bearbeitet 03.11.2025 23:16:56
- CVE-Watchlists
- Unerledigt
ALSA: hda/cs8409: Fix possible NULL dereference
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 5.15.170
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.115
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.59
Linux ≫ Linux Kernel Version >= 6.7 < 6.11.6
Linux ≫ Linux Kernel Version6.12 Updaterc1
Linux ≫ Linux Kernel Version6.12 Updaterc2
Linux ≫ Linux Kernel Version6.12 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.118 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793
https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14
https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c
https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc
https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html