CVE-2024-50292

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50292

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50292.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-50292

Downstream

BELL-CVE-2024-50292

DEBIAN-CVE-2024-50292

DLA-4008-1

DLA-4075-1

DSA-5818-1

OESA-2024-2533

OESA-2024-2534

OESA-2024-2536

OESA-2024-2537

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

Related

Published

2024-11-19T02:16:31Z

Modified

2025-08-09T19:01:26Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: stm32: spdifrx: fix dma channel release in stm32spdifrxremove

In case of error when requesting ctrlchan DMA channel, ctrlchan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dmarequestslavechannel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dmareleasechannel+0x24/0x100 [ 5.103235] stm32spdifrxremove+0x24/0x60 [sndsocstm32spdifrx] [ 5.109494] stm32spdifrxprobe+0x320/0x4c4 [sndsocstm32_spdifrx]

To avoid this issue, release channel only if the pointer is valid.

References

Affected packages