CVE-2024-42089

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-42089
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed Patch
https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9 Patch
https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a Patch
https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6 Patch
https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a Patch
https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac Patch
https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245 Patch
https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a Patch
https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed Patch
https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9 Patch
https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a Patch
https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6 Patch
https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a Patch
https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac Patch
https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245 Patch
https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*
History

No history.

Information

Published : 2024-07-29 17:15

Updated : 2025-11-03 22:17

NVD link : CVE-2024-42089

Mitre link : CVE-2024-42089

CVE.ORG link : CVE-2024-42089

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference