CVE-2024-38388
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38388
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38388.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38388
- Downstream
- Related
- Published
- 2024-06-21T10:18:12.995Z
- Modified
- 2025-11-20T04:49:48.874202Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/csdspctl: Use private_free for control cleanup
Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed.
The original implementation didn't actually remove the ALSA controls in hdacsdspcontrolremove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13
- https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff
- https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740
- https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3233b978af23f11b4ad4f7f11a9a64bd05702b1fFixed191dc1b2ff0fb35e7aff15a53224837637df8bff
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3233b978af23f11b4ad4f7f11a9a64bd05702b1fFixed6e359be4975006ff72818e79dad8fe48293f2eb2
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3233b978af23f11b4ad4f7f11a9a64bd05702b1fFixed3291486af5636540980ea55bae985f3eaa5b0740
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3233b978af23f11b4ad4f7f11a9a64bd05702b1fFixed172811e3a557d8681a5e2d0f871dc04a2d17eb13
Affected versions
v5.*
v5.19
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.9
v6.1.90
v6.1.91
v6.1.92
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
Database specific
vanir_signatures
[
{
"digest": {
"length": 85.0,
"function_hash": "184529867321591648848454497588448013331"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3291486af5636540980ea55bae985f3eaa5b0740",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_remove",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-05d63e8b",
"signature_type": "Function"
},
{
"digest": {
"length": 860.0,
"function_hash": "110910743785747251479778597982401315456"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e359be4975006ff72818e79dad8fe48293f2eb2",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_add_kcontrol",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-0cf8e5fd",
"signature_type": "Function"
},
{
"digest": {
"length": 994.0,
"function_hash": "334329978808061139059162485657355107426"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e359be4975006ff72818e79dad8fe48293f2eb2",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_add",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-28379564",
"signature_type": "Function"
},
{
"digest": {
"length": 85.0,
"function_hash": "184529867321591648848454497588448013331"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e359be4975006ff72818e79dad8fe48293f2eb2",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_remove",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-34b1f838",
"signature_type": "Function"
},
{
"digest": {
"length": 860.0,
"function_hash": "110910743785747251479778597982401315456"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@172811e3a557d8681a5e2d0f871dc04a2d17eb13",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_add_kcontrol",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-47c7fbd9",
"signature_type": "Function"
},
{
"digest": {
"length": 85.0,
"function_hash": "184529867321591648848454497588448013331"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@172811e3a557d8681a5e2d0f871dc04a2d17eb13",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_remove",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-58980646",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"82305389167238588618741565159203419806",
"274704770385510432300321556877520040999",
"121213651121791835501097549373836187390",
"86912459370956624006171528007426723125",
"168923445024026009563937617426532965367",
"69909119391811914032114497317951300232",
"208640262402593377997697320028299114518",
"36170917808475142913871713095988772856",
"200710621718229804556863927080045683487",
"103652904395198323812555537158648192664",
"269243244076439368946418109736805300420",
"225481667666464923879493308783695440545",
"203344442669194797248736878427061548018",
"200031720141735654227253172473515316414",
"119112859086686824159035009335680136695",
"214545612514034197538434282705505391452",
"242069390422519832970788561343077453101",
"41118564849206784510465215117961429759",
"62527126661214536694614122184634538018",
"219041027997379402998853516185112353711",
"319861451918731333906608966206219488999",
"48753661440361771887805148352756859359",
"88003977171591573997778853534079210711",
"219846566171416006638374588111114814899",
"18325378354329123858362529359430665963",
"222305545036300119757199029491827376796",
"196928947564194178213904773623572088652",
"292633975836484577665966094103345942659",
"293733203014534872160338519294845827081",
"325726028574714323751315855469608083067",
"310490631461938804479391168144748620156",
"112129766877318665892031114480726741761",
"304673767298101922571614685245625049618",
"196065605853873133995035286160946754211",
"324375982010981846922088592258100105204",
"187149738068523794604400132549803243303",
"183201359914991437961200912677273703865",
"313493428779461625318110959557295589449",
"252615720184228174143791126348203839174",
"256950694021250246874437092898643402304",
"81405840595769310925114032863508503862",
"110426032881237125757709549559088165109",
"100516423495761567152164637568732173146",
"71496129069303711665349781654907569537"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6e359be4975006ff72818e79dad8fe48293f2eb2",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-62493d1f",
"signature_type": "Line"
},
{
"digest": {
"length": 860.0,
"function_hash": "110910743785747251479778597982401315456"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3291486af5636540980ea55bae985f3eaa5b0740",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_add_kcontrol",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-693506dc",
"signature_type": "Function"
},
{
"digest": {
"length": 994.0,
"function_hash": "334329978808061139059162485657355107426"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3291486af5636540980ea55bae985f3eaa5b0740",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_add",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-7646219f",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"82305389167238588618741565159203419806",
"274704770385510432300321556877520040999",
"121213651121791835501097549373836187390",
"86912459370956624006171528007426723125",
"168923445024026009563937617426532965367",
"69909119391811914032114497317951300232",
"208640262402593377997697320028299114518",
"36170917808475142913871713095988772856",
"200710621718229804556863927080045683487",
"103652904395198323812555537158648192664",
"269243244076439368946418109736805300420",
"225481667666464923879493308783695440545",
"203344442669194797248736878427061548018",
"200031720141735654227253172473515316414",
"119112859086686824159035009335680136695",
"214545612514034197538434282705505391452",
"242069390422519832970788561343077453101",
"41118564849206784510465215117961429759",
"62527126661214536694614122184634538018",
"219041027997379402998853516185112353711",
"319861451918731333906608966206219488999",
"48753661440361771887805148352756859359",
"88003977171591573997778853534079210711",
"219846566171416006638374588111114814899",
"18325378354329123858362529359430665963",
"222305545036300119757199029491827376796",
"196928947564194178213904773623572088652",
"292633975836484577665966094103345942659",
"293733203014534872160338519294845827081",
"325726028574714323751315855469608083067",
"310490631461938804479391168144748620156",
"112129766877318665892031114480726741761",
"304673767298101922571614685245625049618",
"196065605853873133995035286160946754211",
"324375982010981846922088592258100105204",
"187149738068523794604400132549803243303",
"183201359914991437961200912677273703865",
"313493428779461625318110959557295589449",
"252615720184228174143791126348203839174",
"256950694021250246874437092898643402304",
"81405840595769310925114032863508503862",
"110426032881237125757709549559088165109",
"100516423495761567152164637568732173146",
"71496129069303711665349781654907569537"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@172811e3a557d8681a5e2d0f871dc04a2d17eb13",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-8d8025a0",
"signature_type": "Line"
},
{
"digest": {
"length": 994.0,
"function_hash": "334329978808061139059162485657355107426"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@172811e3a557d8681a5e2d0f871dc04a2d17eb13",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "hda_cs_dsp_control_add",
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-9a7c3be1",
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"82305389167238588618741565159203419806",
"274704770385510432300321556877520040999",
"121213651121791835501097549373836187390",
"86912459370956624006171528007426723125",
"168923445024026009563937617426532965367",
"69909119391811914032114497317951300232",
"208640262402593377997697320028299114518",
"36170917808475142913871713095988772856",
"200710621718229804556863927080045683487",
"103652904395198323812555537158648192664",
"269243244076439368946418109736805300420",
"225481667666464923879493308783695440545",
"203344442669194797248736878427061548018",
"200031720141735654227253172473515316414",
"119112859086686824159035009335680136695",
"214545612514034197538434282705505391452",
"242069390422519832970788561343077453101",
"41118564849206784510465215117961429759",
"62527126661214536694614122184634538018",
"219041027997379402998853516185112353711",
"319861451918731333906608966206219488999",
"48753661440361771887805148352756859359",
"88003977171591573997778853534079210711",
"219846566171416006638374588111114814899",
"18325378354329123858362529359430665963",
"222305545036300119757199029491827376796",
"196928947564194178213904773623572088652",
"292633975836484577665966094103345942659",
"293733203014534872160338519294845827081",
"325726028574714323751315855469608083067",
"310490631461938804479391168144748620156",
"112129766877318665892031114480726741761",
"304673767298101922571614685245625049618",
"196065605853873133995035286160946754211",
"324375982010981846922088592258100105204",
"187149738068523794604400132549803243303",
"183201359914991437961200912677273703865",
"313493428779461625318110959557295589449",
"252615720184228174143791126348203839174",
"256950694021250246874437092898643402304",
"81405840595769310925114032863508503862",
"110426032881237125757709549559088165109",
"100516423495761567152164637568732173146",
"71496129069303711665349781654907569537"
],
"threshold": 0.9
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3291486af5636540980ea55bae985f3eaa5b0740",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "sound/pci/hda/hda_cs_dsp_ctl.c"
},
"id": "CVE-2024-38388-eb210520",
"signature_type": "Line"
}
]