{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42089", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.171Z", "datePublished": "2024-07-29T16:26:29.288Z", "dateUpdated": "2024-09-11T17:33:01.199Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T16:26:29.288Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv->pdev before using it\n\npriv->pdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv->dev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won't crash\nprobably due to compiler optimisations."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl-asoc-card.c"], "versions": [{"version": "708b4351f08c", "lessThan": "ae81535ce250", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "8896e18b7c36", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "3662eb2170e5", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "544ab46b7ece", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "8faf91e58425", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "29bc9e7c7539", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "7c18b4d89ff9", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "90f3feb24172", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl-asoc-card.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"}, {"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"}, {"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"}, {"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"}, {"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"}, {"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"}, {"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"}, {"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"}], "title": "ASoC: fsl-asoc-card: set priv->pdev before using it", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.275Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42089", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:44.318855Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:01.199Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42089", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.171Z", "datePublished": "2024-07-29T16:26:29.288Z", "dateUpdated": "2024-08-02T04:54:32.275Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-29T16:26:29.288Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv->pdev before using it\n\npriv->pdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv->dev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won't crash\nprobably due to compiler optimisations."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl-asoc-card.c"], "versions": [{"version": "708b4351f08c", "lessThan": "ae81535ce250", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "8896e18b7c36", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "3662eb2170e5", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "544ab46b7ece", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "8faf91e58425", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "29bc9e7c7539", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "7c18b4d89ff9", "status": "affected", "versionType": "git"}, {"version": "708b4351f08c", "lessThan": "90f3feb24172", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/fsl/fsl-asoc-card.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.317", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.97", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.37", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.8", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"}, {"url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"}, {"url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"}, {"url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"}, {"url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"}, {"url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"}, {"url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"}, {"url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"}], "title": "ASoC: fsl-asoc-card: set priv->pdev before using it", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42089", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:18:44.318855Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:14.084Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv->pdev before using it\n\npriv->pdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv->dev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won't crash\nprobably due to compiler optimisations."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: fsl-asoc-card: establezca priv->pdev antes de usarlo. El puntero priv->pdev se configur\u00f3 despu\u00e9s de usarse en fsl_asoc_card_audmux_init(). Mueva esta asignaci\u00f3n al inicio de la funci\u00f3n de sonda, para que las subfunciones puedan usar correctamente pdev a trav\u00e9s de priv. fsl_asoc_card_audmux_init() elimina la referencia a priv->pdev para obtener acceso a la estructura dev, utilizada con las macros dev_err. Como priv est\u00e1 inicializado en cero, habr\u00eda una desreferencia del puntero NULL. Tenga en cuenta que si se elimina la referencia a priv->dev antes de la asignaci\u00f3n pero nunca se usa, por ejemplo, si no hay ning\u00fan error que imprimir, el controlador nofallar\u00e1 probablemente debido a las optimizaciones del compilador."}], "id": "CVE-2024-42089", "lastModified": "2024-07-30T13:33:30.653", "metrics": {}, "published": "2024-07-29T17:15:11.520", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ASoC: fsl-asoc-card: set priv-->pdev before using it", "id": "2300551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300551"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: fsl-asoc-card: set priv->pdev before using it\npriv->pdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\nfsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv->dev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won't crash\nprobably due to compiler optimisations.", "A flaw was found in the `fsl-asoc-card` driver in the Linux kernel. This issue was fixed by ensuring the `priv->pdev` pointer is initialized before use. Previously, `priv->pdev` was used in the `fsl_asoc_card_audmux_init()` function before being assigned, potentially leading to a NULL pointer dereference and subsequent crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42089", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42089\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42089\nhttps://lore.kernel.org/linux-cve-announce/2024072945-CVE-2024-42089-811c@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.317, kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.97, kernel 6.6.37, kernel 6.9.8, kernel 6.10"}