CVE-2024-58012

EPSS 0.03%
Veröffentlicht 27.02.2025 03:15:12
Zuletzt bearbeitet 01.10.2025 21:16:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params

Each cpu DAI should associate with a widget. However, the topology might
not create the right number of DAI widgets for aggregated amps. And it
will cause NULL pointer deference.
Check that the DAI widget associated with the CPU DAI is valid to prevent
NULL pointer deference due to missing DAI widgets in topologies with
aggregated amps.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.12.14

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7

Patch

https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b

Patch

https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-58012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-58012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-58012

EUVD