CVE-2024-35842

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35842
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35842.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35842
Downstream
Related
Published
2024-05-17T15:15:21Z
Modified
2025-07-29T11:12:23.076948Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: sof-common: Add NULL check for normal_link string

It's not granted that all entries of struct sofconnstream declare a normal_link (a non-SOF, direct link) string, and this is the case for SoCs that support only SOF paths (hence do not support both direct and SOF usecases).

For example, in the case of MT8188 there is no normallink string in any of the sofconn_stream entries and there will be more drivers doing that in the future.

To avoid possible NULL pointer KPs, add a NULL check for normal_link.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.76-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.7.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}