LinuxCVELIST:CVE-2024-38605CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init
0.0004 Low
EPSS
Percentile
10.4%
In the Linux kernel, the following vulnerability has been resolved:
ALSA: core: Fix NULL module pointer assignment at card init
The commit 81033c6b584b (“ALSA: core: Warn on empty module”)
introduced a WARN_ON() for a NULL module pointer passed at snd_card
object creation, and it also wraps the code around it with ‘#ifdef
MODULE’. This works in most cases, but the devils are always in
details. “MODULE” is defined when the target code (i.e. the sound
core) is built as a module; but this doesn’t mean that the caller is
also built-in or not. Namely, when only the sound core is built-in
(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m),
the passed module pointer is ignored even if it’s non-NULL, and
card->module remains as NULL. This would result in the missing module
reference up/down at the device open/close, leading to a race with the
code execution after the module removal.
For addressing the bug, move the assignment of card->module again out
of ifdef. The WARN_ON() is still wrapped with ifdef because the
module can be really NULL when all sound drivers are built-in.
Note that we keep ‘ifdef MODULE’ for WARN_ON(), otherwise it would
lead to a false-positive NULL module check. Admittedly it won’t catch
perfectly, i.e. no check is performed when CONFIG_SND=y. But, it’s no
real problem as it’s only for debugging, and the condition is pretty
rare.
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"sound/core/init.c"
],
"versions": [
{
"version": "81033c6b584b",
"lessThan": "d7ff29a429b5",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "e7e0ca200772",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "e00747672573",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "e644036a3e2b",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "c935e72139e6",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "6b8374ee2cab",
"status": "affected",
"versionType": "git"
},
{
"version": "81033c6b584b",
"lessThan": "39381fe7394e",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"sound/core/init.c"
],
"versions": [
{
"version": "5.9",
"status": "affected"
},
{
"version": "0",
"lessThan": "5.9",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.219",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.161",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.93",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.33",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8.12",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.9.3",
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.10-rc1",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1
git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12
git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5
git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434
git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e
git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92
git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811
Related
