CVE-2024-38551
ASoC: mediatek: Assign dummy when codec not specified for a DAI link
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present
and used on a board to assign the correct parameters and this is done
by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link
to avoid NULL pointer during string comparison.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: Asignar dummy cuando el códec no está especificado para un enlace DAI Los controladores de la tarjeta de sonido MediaTek están comprobando si hay un enlace DAI presente y utilizado en una placa para asignar los parámetros correctos y esto se realiza comprobando los nombres DAI del códec en el momento de la sonda. Si no hay ningún códec real, asigne el códec ficticio al enlace DAI para evitar el puntero NULL durante la comparación de cadenas.
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison.
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/4302187d955f166c03b4fa7c993b89ffbabfca4e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.8.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.9.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.3 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.10" | en |
Affected
| ||||||