// For flags

CVE-2024-39491

ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

Severity Score

4.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

The cs_dsp instance is initialized in the driver probe() so it
should be freed in the driver remove(). Also fix a missing call
to cs_dsp_remove() in the error path of cs35l56_hda_common_probe().

The call to cs_dsp_remove() was being done in the component unbind
callback cs35l56_hda_unbind(). This meant that if the driver was
unbound and then re-bound it would be using an uninitialized cs_dsp
instance.

It is best to initialize the cs_dsp instance in probe() so that it
can return an error if it fails. The component binding API doesn't
have any error handling so there's no way to handle a failure if
cs_dsp was initialized in the bind.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: cs35l56: Corrección de duración de la instancia cs_dsp La instancia cs_dsp se inicializa en el controlador probe() por lo que debe liberarse en el controlador remove(). También corrija una llamada faltante a cs_dsp_remove() en la ruta de error de cs35l56_hda_common_probe(). La llamada a cs_dsp_remove() se realizaba en la devolución de llamada de desvinculación del componente cs35l56_hda_unbind(). Esto significaba que si el controlador no estaba vinculado y luego se volvía a vincular, estaría utilizando una instancia cs_dsp no inicializada. Es mejor inicializar la instancia cs_dsp en probe() para que pueda devolver un error si falla. La API de enlace de componentes no tiene ningún control de errores, por lo que no hay forma de controlar un error si cs_dsp se inicializó en el enlace.

A flaw was found in the Linux kernel's HDA driver before initialization. This issue occurs when a user unloads and then reloads the module, and could allow a local user to crash the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-25 CVE Reserved
  • 2024-07-10 CVE Published
  • 2024-07-10 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.6.33
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.33"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.9.4
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.9.4"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.10
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.10"
en
Affected