CVE-2024-36955

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

Severity Score

7.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

The documentation for device_get_named_child_node() mentions this
important point:

"
The caller is responsible for calling fwnode_handle_put() on the
returned fwnode pointer.
"

Add fwnode_handle_put() to avoid a leaked reference.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: corrige el uso de device_get_named_child_node() La documentación para device_get_named_child_node() menciona este punto importante: "La persona que llama es responsable de llamar a fwnode_handle_put() en el puntero fwnode devuelto. "Agregue fwnode_handle_put() para evitar una referencia filtrada.

*Credits: N/A

CVSS Scores

CISAv3.1 7.7

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-30 CVE Reserved
2024-05-30 CVE Published
2024-05-31 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/08c2a4bc9f2acaefbd0158866db5cb3238a68674	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377	2024-05-17
https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e	2024-05-17
https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf	2024-05-17
https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07	2024-05-17
https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a	2024-04-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.15.159 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.159"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.1.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.6.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.8.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.9"		en		Affected