Lucene search

LinuxCVE-2024-40964

HistoryJul 12, 2024 - 1:15 p.m.

CVE-2024-40964

2024-07-1213:15:18

CWE-476

Linux

web.nvd.nist.gov

linux kernel

alsa

hda

cs35l41

null pointer dereference

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()

The cs35l41_hda_unbind() function clears the hda_component entry
matching it’s index and then dereferences the codec pointer held in the
first element of the hda_component array, this is an issue when the
device index was 0.

Instead use the codec pointer stashed in the cs35l41_hda structure as it
will still be valid.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange6.6–6.6.36

linuxlinux_kernelRange6.7–6.9.7

linuxlinux_kernelMatch6.10rc1

linuxlinux_kernelMatch6.10rc2

linuxlinux_kernelMatch6.10rc3

linuxlinux_kernelMatch6.10rc4

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
linuxlinux_kernel6.10cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
linux	linux_kernel	6.10	cpe:2.3:o:linux:linux_kernel:6.10:rc4::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/pci/hda/cs35l41_hda.c"
    ],
    "versions": [
      {
        "version": "7cf5ce66dfda",
        "lessThan": "ff27bd8e1788",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7cf5ce66dfda",
        "lessThan": "19be722369c3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7cf5ce66dfda",
        "lessThan": "6386682cdc8b",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/pci/hda/cs35l41_hda.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.36",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.7",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]