In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda: fix null deref on system suspend entry
When system enters suspend with an active stream, SOF core calls hwparamsupon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call chain of
hdadspsethwparamsuponresume() -> hdadspdaissuspend() -> hdadaisuspend() -> hdaipc4posttrigger()
A bug is hit in hdadaisuspend() as hdalinkdmacleanup() is run first, which clears hextstream->linksubstream, and then hdaipc4posttrigger() is called with a NULL sndpcmsubstream pointer.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Function", "target": { "file": "sound/soc/sof/intel/hda-dai.c", "function": "hda_dai_suspend" }, "id": "CVE-2024-41037-02d0f77b", "digest": { "length": 795.0, "function_hash": "245276910918412995718245313070658095317" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "sound/soc/sof/intel/hda-dai.c", "function": "hda_dai_suspend" }, "id": "CVE-2024-41037-c7bb2333", "digest": { "length": 795.0, "function_hash": "245276910918412995718245313070658095317" }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@993af0f2d9f24e3c18a445ae22b34190d1fcad61" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "sound/soc/sof/intel/hda-dai.c" }, "id": "CVE-2024-41037-c9e7bfb7", "digest": { "line_hashes": [ "100671554921014525679288635978624893551", "204450112635421519936925071062943369349", "180275230673848685749048259245505784649", "65966036400875608810251887778553833305", "265438504176463268531895047247307074690", "293484339151157235113091063187277182920", "3342150572998608947667008186514247893", "252028193265733670742181400820710399753", "70313224826229266175047948562774056934", "133513404084217304479968801281332064386", "15245978077281893038792388904386048629", "40192689717957874238783082126931959055" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@993af0f2d9f24e3c18a445ae22b34190d1fcad61" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "sound/soc/sof/intel/hda-dai.c" }, "id": "CVE-2024-41037-f31b7de7", "digest": { "line_hashes": [ "100671554921014525679288635978624893551", "204450112635421519936925071062943369349", "180275230673848685749048259245505784649", "65966036400875608810251887778553833305", "265438504176463268531895047247307074690", "293484339151157235113091063187277182920", "3342150572998608947667008186514247893", "252028193265733670742181400820710399753", "70313224826229266175047948562774056934", "133513404084217304479968801281332064386", "15245978077281893038792388904386048629", "40192689717957874238783082126931959055" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8246bbf818ed7b8d5afc92b951e6d562b45c2450" } ] }