CVE-2024-58077

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-58077

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58077.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-58077

Downstream

BELL-CVE-2024-58077

DEBIAN-CVE-2024-58077

DLA-4102-1

OESA-2025-1371

OESA-2025-1372

UBUNTU-CVE-2024-58077

USN-7521-1

USN-7521-3

USN-7651-1

USN-7651-2

USN-7651-3

USN-7651-4

USN-7651-5

USN-7651-6

USN-7652-1

USN-7653-1

USN-7737-1

Related

USN-7521-2

Published

2025-03-06T17:15:21Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-pcm: don't use socpcmret() on .prepare callback

commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common socpcmret(). It is used from many functions, ignoring -EINVAL is over-kill.

The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not want to give userspace a way to do a denial-of-service attack on the syslog / diskspace.

So don't use socpcmret() on .prepare callback is better idea.

References

Affected packages