CVE-2024-35842

ASoC: mediatek: sof-common: Add NULL check for normal_link string

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: sof-common: Add NULL check for normal_link string

It's not granted that all entries of struct sof_conn_stream declare
a `normal_link` (a non-SOF, direct link) string, and this is the case
for SoCs that support only SOF paths (hence do not support both direct
and SOF usecases).

For example, in the case of MT8188 there is no normal_link string in
any of the sof_conn_stream entries and there will be more drivers
doing that in the future.

To avoid possible NULL pointer KPs, add a NULL check for `normal_link`.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: sof-common: Agregar verificación NULL para la cadena normal_link No se garantiza que todas las entradas de la estructura sof_conn_stream declaren una cadena `normal_link` (un enlace directo no SOF) , y este es el caso de los SoC que solo admiten rutas SOF (por lo tanto, no admiten casos de uso directos y SOF). Por ejemplo, en el caso de MT8188 no hay una cadena normal_link en ninguna de las entradas de sof_conn_stream y habrá más controladores que lo hagan en el futuro. Para evitar posibles KP de puntero NULL, agregue una verificación NULL para `normal_link`.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/0caf1120c58395108344d5df4e09359b67e95094	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/cad471227a37c0c7c080bfc9ed01b53750e82afe	2024-01-25
https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd	2024-01-25
https://git.kernel.org/stable/c/cde6ca5872bf67744dffa875a7cb521ab007b7ef	2024-01-25
https://git.kernel.org/stable/c/e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed	2024-01-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.8"		en		Affected