CVE-2024-41037

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41037
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41037.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41037
Downstream
Related
Published
2024-07-29T14:31:51Z
Modified
2025-10-15T12:58:51.144206Z
Summary
ASoC: SOF: Intel: hda: fix null deref on system suspend entry
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: fix null deref on system suspend entry

When system enters suspend with an active stream, SOF core calls hwparamsupon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call chain of

hdadspsethwparamsuponresume() -> hdadspdaissuspend() -> hdadaisuspend() -> hdaipc4posttrigger()

A bug is hit in hdadaisuspend() as hdalinkdmacleanup() is run first, which clears hextstream->linksubstream, and then hdaipc4posttrigger() is called with a NULL sndpcmsubstream pointer.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2b009fa0823c1510700fd17a0780ddd06a460fb4
Fixed
8246bbf818ed7b8d5afc92b951e6d562b45c2450
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2b009fa0823c1510700fd17a0780ddd06a460fb4
Fixed
993af0f2d9f24e3c18a445ae22b34190d1fcad61
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2b009fa0823c1510700fd17a0780ddd06a460fb4
Fixed
9065693dcc13f287b9e4991f43aee70cf5538fdd

Affected versions

v6.*

v6.10-rc1
v6.10-rc2
v6.3
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6
v6.9.7
v6.9.8
v6.9.9

Database specific

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "sound/soc/sof/intel/hda-dai.c",
                "function": "hda_dai_suspend"
            },
            "id": "CVE-2024-41037-02d0f77b",
            "digest": {
                "length": 795.0,
                "function_hash": "245276910918412995718245313070658095317"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "sound/soc/sof/intel/hda-dai.c",
                "function": "hda_dai_suspend"
            },
            "id": "CVE-2024-41037-c7bb2333",
            "digest": {
                "length": 795.0,
                "function_hash": "245276910918412995718245313070658095317"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@993af0f2d9f24e3c18a445ae22b34190d1fcad61"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "sound/soc/sof/intel/hda-dai.c"
            },
            "id": "CVE-2024-41037-c9e7bfb7",
            "digest": {
                "line_hashes": [
                    "100671554921014525679288635978624893551",
                    "204450112635421519936925071062943369349",
                    "180275230673848685749048259245505784649",
                    "65966036400875608810251887778553833305",
                    "265438504176463268531895047247307074690",
                    "293484339151157235113091063187277182920",
                    "3342150572998608947667008186514247893",
                    "252028193265733670742181400820710399753",
                    "70313224826229266175047948562774056934",
                    "133513404084217304479968801281332064386",
                    "15245978077281893038792388904386048629",
                    "40192689717957874238783082126931959055"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@993af0f2d9f24e3c18a445ae22b34190d1fcad61"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "sound/soc/sof/intel/hda-dai.c"
            },
            "id": "CVE-2024-41037-f31b7de7",
            "digest": {
                "line_hashes": [
                    "100671554921014525679288635978624893551",
                    "204450112635421519936925071062943369349",
                    "180275230673848685749048259245505784649",
                    "65966036400875608810251887778553833305",
                    "265438504176463268531895047247307074690",
                    "293484339151157235113091063187277182920",
                    "3342150572998608947667008186514247893",
                    "252028193265733670742181400820710399753",
                    "70313224826229266175047948562774056934",
                    "133513404084217304479968801281332064386",
                    "15245978077281893038792388904386048629",
                    "40192689717957874238783082126931959055"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.41
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.9.10