CVE-2024-41037

When system enters suspend with an active stream, SOF core calls hwparamsupon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call chain of

hdadspsethwparamsuponresume() -> hdadspdaissuspend() -> hdadaisuspend() -> hdaipc4posttrigger()

A bug is hit in hdadaisuspend() as hdalinkdmacleanup() is run first, which clears hextstream->linksubstream, and then hdaipc4posttrigger() is called with a NULL sndpcmsubstream pointer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2b009fa0823c1510700fd17a0780ddd06a460fb4

Fixed

8246bbf818ed7b8d5afc92b951e6d562b45c2450

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2b009fa0823c1510700fd17a0780ddd06a460fb4

Fixed

993af0f2d9f24e3c18a445ae22b34190d1fcad61

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2b009fa0823c1510700fd17a0780ddd06a460fb4

Fixed

9065693dcc13f287b9e4991f43aee70cf5538fdd

Affected versions

v6.*

v6.10-rc1

v6.10-rc2

v6.3

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

v6.9.7

v6.9.8

v6.9.9

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "245276910918412995718245313070658095317",
            "length": 795.0
        },
        "id": "CVE-2024-41037-02d0f77b",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450",
        "deprecated": false,
        "target": {
            "file": "sound/soc/sof/intel/hda-dai.c",
            "function": "hda_dai_suspend"
        }
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "100671554921014525679288635978624893551",
                "204450112635421519936925071062943369349",
                "180275230673848685749048259245505784649",
                "65966036400875608810251887778553833305",
                "265438504176463268531895047247307074690",
                "293484339151157235113091063187277182920",
                "3342150572998608947667008186514247893",
                "252028193265733670742181400820710399753",
                "70313224826229266175047948562774056934",
                "133513404084217304479968801281332064386",
                "15245978077281893038792388904386048629",
                "40192689717957874238783082126931959055"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-41037-f31b7de7",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450",
        "deprecated": false,
        "target": {
            "file": "sound/soc/sof/intel/hda-dai.c"
        }
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "245276910918412995718245313070658095317",
            "length": 795.0
        },
        "id": "CVE-2024-41037-f3ec0dff",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9065693dcc13f287b9e4991f43aee70cf5538fdd",
        "deprecated": false,
        "target": {
            "file": "sound/soc/sof/intel/hda-dai.c",
            "function": "hda_dai_suspend"
        }
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "100671554921014525679288635978624893551",
                "204450112635421519936925071062943369349",
                "180275230673848685749048259245505784649",
                "65966036400875608810251887778553833305",
                "265438504176463268531895047247307074690",
                "293484339151157235113091063187277182920",
                "3342150572998608947667008186514247893",
                "252028193265733670742181400820710399753",
                "70313224826229266175047948562774056934",
                "133513404084217304479968801281332064386",
                "15245978077281893038792388904386048629",
                "40192689717957874238783082126931959055"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-41037-fe65b413",
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9065693dcc13f287b9e4991f43aee70cf5538fdd",
        "deprecated": false,
        "target": {
            "file": "sound/soc/sof/intel/hda-dai.c"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.4.0

Fixed

6.6.41

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.10