{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42088", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.171Z", "datePublished": "2024-07-29T16:26:28.523Z", "dateUpdated": "2024-11-05T09:37:10.297Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:10.297Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\n\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything\nfor platform entries.\n\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\n\n\tfor_each_card_prelinks(card, i, dai_link) {\n\t\tif (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))\n\t\t\tdai_link->platforms->of_node = adsp_node;\n\t\telse if (!dai_link->platforms->name && !dai_link->platforms->of_node)\n\t\t\tdai_link->platforms->of_node = platform_node;\n\t}\n\nwhere the code expects the platforms array to have space for at least one entry.\n\nAdd an COMP_EMPTY() entry so that dai_link->platforms has space."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/mediatek/mt8195/mt8195-mt6359.c"], "versions": [{"version": "e70b8dd26711", "lessThan": "42b9ab7a4d7e", "status": "affected", "versionType": "git"}, {"version": "e70b8dd26711", "lessThan": "282a4482e198", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/mediatek/mt8195/mt8195-mt6359.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad"}, {"url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55"}], "title": "ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.140Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:47.495476Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:56.751Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.140Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:47.495476Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.769Z"}}], "cna": {"title": "ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e70b8dd26711", "lessThan": "42b9ab7a4d7e", "versionType": "git"}, {"status": "affected", "version": "e70b8dd26711", "lessThan": "282a4482e198", "versionType": "git"}], "programFiles": ["sound/soc/mediatek/mt8195/mt8195-mt6359.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "semver"}, {"status": "unaffected", "version": "6.9.8", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/mediatek/mt8195/mt8195-mt6359.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad"}, {"url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\n\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything\nfor platform entries.\n\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\n\n\tfor_each_card_prelinks(card, i, dai_link) {\n\t\tif (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))\n\t\t\tdai_link->platforms->of_node = adsp_node;\n\t\telse if (!dai_link->platforms->name && !dai_link->platforms->of_node)\n\t\t\tdai_link->platforms->of_node = platform_node;\n\t}\n\nwhere the code expects the platforms array to have space for at least one entry.\n\nAdd an COMP_EMPTY() entry so that dai_link->platforms has space."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:10.297Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42088", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:10.297Z", "dateReserved": "2024-07-29T15:50:41.171Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-29T16:26:28.523Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\n\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything\nfor platform entries.\n\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\n\n\tfor_each_card_prelinks(card, i, dai_link) {\n\t\tif (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))\n\t\t\tdai_link->platforms->of_node = adsp_node;\n\t\telse if (!dai_link->platforms->name && !dai_link->platforms->of_node)\n\t\t\tdai_link->platforms->of_node = platform_node;\n\t}\n\nwhere the code expects the platforms array to have space for at least one entry.\n\nAdd an COMP_EMPTY() entry so that dai_link->platforms has space."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: mt8195: Agregar entrada de plataforma para el enlace dai ETDM1_OUT_BE. La confirmaci\u00f3n e70b8dd26711 (\"ASoC: mediatek: mt8195: Eliminar el componente afe-dai y volver a trabajar el enlace del c\u00f3dec\") elimin\u00f3 la entrada del c\u00f3dec. para el enlace dai ETDM1_OUT_BE por completo en lugar de reemplazarlo con COMP_EMPTY(). Esto funcion\u00f3 por accidente ya que la entrada restante de la plataforma COMP_EMPTY() se convirti\u00f3 en la entrada del c\u00f3dec, y la entrada de la plataforma qued\u00f3 completamente vac\u00eda, efectivamente lo mismo que COMP_DUMMY() ya que snd_soc_fill_dummy_dai() no hace nada para las entradas de la plataforma. Esto provoca una advertencia de fuera de los l\u00edmites de KASAN en mtk_soundcard_common_probe() en sound/soc/mediatek/common/mtk-soundcard-driver.c: for_each_card_prelinks(card, i, dai_link) { if (adsp_node && !strncmp(dai_link-> name, \"AFE_SOF\", strlen(\"AFE_SOF\"))) dai_link->platforms->of_node = adsp_node; else if (!!dai_link->platforms->name && !dai_link->platforms->of_node) dai_link->platforms->of_node = platform_node; } donde el c\u00f3digo espera que la matriz de plataformas tenga espacio para al menos una entrada. Agregue una entrada COMP_EMPTY() para que dai_link->platforms tenga espacio."}], "id": "CVE-2024-42088", "lastModified": "2024-07-30T13:33:30.653", "metrics": {}, "published": "2024-07-29T17:15:11.457", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/282a4482e198e03781c152c88aac8aa382ef9a55"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/42b9ab7a4d7e6c5efd71847541e4fcc213585aad"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link", "id": "2300540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300540"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-457", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link\nCommit e70b8dd26711 (\"ASoC: mediatek: mt8195: Remove afe-dai component\nand rework codec link\") removed the codec entry for the ETDM1_OUT_BE\ndai link entirely instead of replacing it with COMP_EMPTY(). This worked\nby accident as the remaining COMP_EMPTY() platform entry became the codec\nentry, and the platform entry became completely empty, effectively the\nsame as COMP_DUMMY() since snd_soc_fill_dummy_dai() doesn't do anything\nfor platform entries.\nThis causes a KASAN out-of-bounds warning in mtk_soundcard_common_probe()\nin sound/soc/mediatek/common/mtk-soundcard-driver.c:\nfor_each_card_prelinks(card, i, dai_link) {\nif (adsp_node && !strncmp(dai_link->name, \"AFE_SOF\", strlen(\"AFE_SOF\")))\ndai_link->platforms->of_node = adsp_node;\nelse if (!dai_link->platforms->name && !dai_link->platforms->of_node)\ndai_link->platforms->of_node = platform_node;\n}\nwhere the code expects the platforms array to have space for at least one entry.\nAdd an COMP_EMPTY() entry so that dai_link->platforms has space."], "name": "CVE-2024-42088", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42088\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42088\nhttps://lore.kernel.org/linux-cve-announce/2024072945-CVE-2024-42088-b65a@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.9.8, kernel 6.10"}