| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061950-CVE-2024-38550-a20b@gregkh> Date: Wed, 19 Jun 2024 15:35:59 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-38550: ASoC: kirkwood: Fix potential NULL dereference Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. The Linux kernel CVE team has assigned CVE-2024-38550 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 5.15.161 with commit d48d0c5fd733 Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 6.1.93 with commit de9987cec6fd Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 6.6.33 with commit 1a7254525ca7 Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 6.8.12 with commit 5bf5154739cd Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 6.9.3 with commit 802b49e39da6 Issue introduced in 5.14 with commit bb6a40fc5a83 and fixed in 6.10-rc1 with commit ea60ab95723f Issue introduced in 5.13.12 with commit 145951900b76 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-38550 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/kirkwood/kirkwood-dma.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169 https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489 https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6 https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6 https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50
Powered by blists - more mailing lists