Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-38388
HistoryJun 21, 2024 - 10:18 a.m.

CVE-2024-38388 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup

2024-06-2110:18:12
Linux
www.cve.org
2
linux kernel
alsa
vulnerability
private_free
control cleanup

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup

Use the control private_free callback to free the associated data
block. This ensures that the memory won’t leak, whatever way the
control gets destroyed.

The original implementation didn’t actually remove the ALSA
controls in hda_cs_dsp_control_remove(). It only freed the internal
tracking structure. This meant it was possible to remove/unload the
amp driver while leaving its ALSA controls still present in the
soundcard. Obviously attempting to access them could cause segfaults
or at least dereferencing stale pointers.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/pci/hda/hda_cs_dsp_ctl.c"
    ],
    "versions": [
      {
        "version": "3233b978af23",
        "lessThan": "191dc1b2ff0f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3233b978af23",
        "lessThan": "6e359be49750",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3233b978af23",
        "lessThan": "3291486af563",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3233b978af23",
        "lessThan": "172811e3a557",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "sound/pci/hda/hda_cs_dsp_ctl.c"
    ],
    "versions": [
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.0",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.93",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.4",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

debiancve 1
redhatcve 1
nvd 1
ubuntucve 1
vulnrichment 1
cve 1
debiancve
debiancve
CVE-2024-38388
2024-06-21 11:15:10
redhatcve
redhatcve
CVE-2024-38388
2024-06-21 14:27:28
nvd
nvd
CVE-2024-38388
2024-06-21 11:15:10
ubuntucve
ubuntucve
CVE-2024-38388
2024-06-25 00:00:00
vulnrichment
vulnrichment
CVE-2024-38388 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
2024-06-21 10:18:12
cve
cve
CVE-2024-38388
2024-06-21 11:15:10

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for CVELIST:CVE-2024-38388
debiancve1redhatcve1nvd1ubuntucve1vulnrichment1cve1