| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024072945-CVE-2024-42089-811c@gregkh> Date: Mon, 29 Jul 2024 18:26:48 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-42089: ASoC: fsl-asoc-card: set priv->pdev before using it Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. The Linux kernel CVE team has assigned CVE-2024-42089 to this issue. Affected and fixed versions =========================== Issue introduced in 3.18 with commit 708b4351f08c and fixed in 4.19.317 with commit ae81535ce250 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 5.4.279 with commit 8896e18b7c36 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 5.10.221 with commit 3662eb2170e5 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 5.15.162 with commit 544ab46b7ece Issue introduced in 3.18 with commit 708b4351f08c and fixed in 6.1.97 with commit 8faf91e58425 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 6.6.37 with commit 29bc9e7c7539 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 6.9.8 with commit 7c18b4d89ff9 Issue introduced in 3.18 with commit 708b4351f08c and fixed in 6.10 with commit 90f3feb24172 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-42089 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/fsl/fsl-asoc-card.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9 https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6 https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245
Powered by blists - more mailing lists