CVE-2024-42088

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42088
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42088.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42088
Related
Published
2024-07-29T17:15:11Z
Modified
2024-09-18T03:26:33.100897Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: mediatek: mt8195: Add platform entry for ETDM1OUTBE dai link

Commit e70b8dd26711 ("ASoC: mediatek: mt8195: Remove afe-dai component and rework codec link") removed the codec entry for the ETDM1OUTBE dai link entirely instead of replacing it with COMPEMPTY(). This worked by accident as the remaining COMPEMPTY() platform entry became the codec entry, and the platform entry became completely empty, effectively the same as COMPDUMMY() since sndsocfilldummy_dai() doesn't do anything for platform entries.

This causes a KASAN out-of-bounds warning in mtksoundcardcommon_probe() in sound/soc/mediatek/common/mtk-soundcard-driver.c:

for_each_card_prelinks(card, i, dai_link) {
    if (adsp_node && !strncmp(dai_link->name, "AFE_SOF", strlen("AFE_SOF")))
        dai_link->platforms->of_node = adsp_node;
    else if (!dai_link->platforms->name && !dai_link->platforms->of_node)
        dai_link->platforms->of_node = platform_node;
}

where the code expects the platforms array to have space for at least one entry.

Add an COMPEMPTY() entry so that dailink->platforms has space.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.9.8-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}