{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50105", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T19:36:19.946Z", "datePublished": "2024-11-05T17:10:40.119Z", "dateUpdated": "2024-11-19T01:16:42.896Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-19T01:16:42.896Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\n\nCommit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to\nsoundcards\") moved the allocation of Soundwire stream runtime from the\nQualcomm Soundwire driver to each individual machine sound card driver,\nexcept that it forgot to update SC7280 card.\n\nJust like for other Qualcomm sound cards using Soundwire, the card\ndriver should allocate and release the runtime. Otherwise sound\nplayback will result in a NULL pointer dereference or other effect of\nuninitialized memory accesses (which was confirmed on SDM845 having\nsimilar issue)."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/Kconfig", "sound/soc/qcom/sc7280.c"], "versions": [{"version": "15c7fab0e047", "lessThan": "176a41ebec42", "status": "affected", "versionType": "git"}, {"version": "15c7fab0e047", "lessThan": "db7e59e6a39a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/Kconfig", "sound/soc/qcom/sc7280.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.6", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/176a41ebec42a921277cd34e8c0c2e776a9dd6c4"}, {"url": "https://git.kernel.org/stable/c/db7e59e6a39a4d3d54ca8197c796557e6d480b0d"}], "title": "ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc", "x_generator": {"engine": "bippy-8e903de6a542"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CAA29A6-36B4-4C90-A862-A816F65153DB", "versionEndExcluding": "6.11.6", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\n\nCommit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to\nsoundcards\") moved the allocation of Soundwire stream runtime from the\nQualcomm Soundwire driver to each individual machine sound card driver,\nexcept that it forgot to update SC7280 card.\n\nJust like for other Qualcomm sound cards using Soundwire, the card\ndriver should allocate and release the runtime. Otherwise sound\nplayback will result in a NULL pointer dereference or other effect of\nuninitialized memory accesses (which was confirmed on SDM845 having\nsimilar issue)."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to soundcards\") movi\u00f3 la asignaci\u00f3n de tiempo de ejecuci\u00f3n de flujo Soundwire del controlador Qualcomm Soundwire al controlador de tarjeta de sonido de cada m\u00e1quina individual, excepto que olvid\u00f3 actualizar la tarjeta SC7280. Al igual que para otras tarjetas de sonido Qualcomm que usan Soundwire, el controlador de la tarjeta debe asignar y liberar el tiempo de ejecuci\u00f3n. De lo contrario, la reproducci\u00f3n de sonido dar\u00e1 como resultado una desreferencia de puntero NULL u otro efecto de accesos a memoria no inicializados (lo que se confirm\u00f3 en SDM845 que ten\u00eda un problema similar)."}], "id": "CVE-2024-50105", "lastModified": "2024-11-12T15:06:14.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-05T18:15:14.063", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/176a41ebec42a921277cd34e8c0c2e776a9dd6c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/db7e59e6a39a4d3d54ca8197c796557e6d480b0d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc", "id": "2323949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323949"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\nCommit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to\nsoundcards\") moved the allocation of Soundwire stream runtime from the\nQualcomm Soundwire driver to each individual machine sound card driver,\nexcept that it forgot to update SC7280 card.\nJust like for other Qualcomm sound cards using Soundwire, the card\ndriver should allocate and release the runtime. Otherwise sound\nplayback will result in a NULL pointer dereference or other effect of\nuninitialized memory accesses (which was confirmed on SDM845 having\nsimilar issue)."], "name": "CVE-2024-50105", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50105\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50105\nhttps://lore.kernel.org/linux-cve-announce/2024110553-CVE-2024-50105-6efa@gregkh/T"], "threat_severity": "Moderate"}