CVE-2024-39491

ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance

The cs_dsp instance is initialized in the driver probe() so it
should be freed in the driver remove(). Also fix a missing call
to cs_dsp_remove() in the error path of cs35l56_hda_common_probe().

The call to cs_dsp_remove() was being done in the component unbind
callback cs35l56_hda_unbind(). This meant that if the driver was
unbound and then re-bound it would be using an uninitialized cs_dsp
instance.

It is best to initialize the cs_dsp instance in probe() so that it
can return an error if it fails. The component binding API doesn't
have any error handling so there's no way to handle a failure if
cs_dsp was initialized in the bind.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: cs35l56: Corrección de duración de la instancia cs_dsp La instancia cs_dsp se inicializa en el controlador probe() por lo que debe liberarse en el controlador remove(). También corrija una llamada faltante a cs_dsp_remove() en la ruta de error de cs35l56_hda_common_probe(). La llamada a cs_dsp_remove() se realizaba en la devolución de llamada de desvinculación del componente cs35l56_hda_unbind(). Esto significaba que si el controlador no estaba vinculado y luego se volvía a vincular, estaría utilizando una instancia cs_dsp no inicializada. Es mejor inicializar la instancia cs_dsp en probe() para que pueda devolver un error si falla. La API de enlace de componentes no tiene ningún control de errores, por lo que no hay forma de controlar un error si cs_dsp se inicializó en el enlace.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-25 CVE Reserved
2024-07-10 CVE Published
2024-07-10 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/73cfbfa9caea8eda54b4c6e49a9555533660aa1e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1	2024-06-12
https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303	2024-06-12
https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e	2024-05-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.9.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.9.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.10"		en		Affected