cve-2024-46849
Vulnerability from cvelistv5
Published
2024-09-27 12:42
Modified
2024-12-19 09:24
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'pad' pointer initialization after this function when memory is
already reallocated.
Kasan bug report:
==================================================================
BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc
Read of size 8 at addr ffff000000e8b260 by task modprobe/356
CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1
Call trace:
dump_backtrace+0x94/0xec
show_stack+0x18/0x24
dump_stack_lvl+0x78/0x90
print_report+0xfc/0x5c0
kasan_report+0xb8/0xfc
__asan_load8+0x9c/0xb8
axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]
meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]
platform_probe+0x8c/0xf4
really_probe+0x110/0x39c
__driver_probe_device+0xb8/0x18c
driver_probe_device+0x108/0x1d8
__driver_attach+0xd0/0x25c
bus_for_each_dev+0xe0/0x154
driver_attach+0x34/0x44
bus_add_driver+0x134/0x294
driver_register+0xa8/0x1e8
__platform_driver_register+0x44/0x54
axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]
do_one_initcall+0xdc/0x25c
do_init_module+0x10c/0x334
load_module+0x24c4/0x26cc
init_module_from_file+0xd4/0x128
__arm64_sys_finit_module+0x1f4/0x41c
invoke_syscall+0x60/0x188
el0_svc_common.constprop.0+0x78/0x13c
do_el0_svc+0x30/0x40
el0_svc+0x38/0x78
el0t_64_sync_handler+0x100/0x12c
el0t_64_sync+0x190/0x194
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b Version: 7864a79f37b55769b817d5e6c5ae0ca4bfdba93b |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-46849", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-29T13:58:41.870222Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-29T13:58:47.013Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/soc/meson/axg-card.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a33145f494e6cb82f3e018662cc7c4febf271f22", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "5a2cc2bb81399e9ebc72560541137eb04d61dc3d", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "fb0530025d502cb79d2b2801b14a9d5261833f1a", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "e1a199ec31617242e1a0ea8f312341e682d0c037", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "e43364f578cdc2f8083abbc0cb743ea55e827c29", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "7d318166bf55e9029d56997c3b134f4ac2ae2607", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" }, { "lessThan": "4f9a71435953f941969a4f017e2357db62d85a86", "status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/soc/meson/axg-card.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.19" }, { "lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.227", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.168", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.111", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.52", "versionType": "semver" }, { "lessThanOrEqual": "6.10.*", "status": "unaffected", "version": "6.10.11", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\n\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\nso move \u0027pad\u0027 pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:24:36.689Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22" }, { "url": "https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d" }, { "url": "https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a" }, { "url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037" }, { "url": "https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29" }, { "url": "https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607" }, { "url": "https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86" } ], "title": "ASoC: meson: axg-card: fix \u0027use-after-free\u0027", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-46849", "datePublished": "2024-09-27T12:42:43.316Z", "dateReserved": "2024-09-11T15:12:18.290Z", "dateUpdated": "2024-12-19T09:24:36.689Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-46849\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-09-27T13:15:16.723\",\"lastModified\":\"2024-11-08T16:15:23.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nASoC: meson: axg-card: fix \u0027use-after-free\u0027\\n\\nBuffer \u0027card-\u003edai_link\u0027 is reallocated in \u0027meson_card_reallocate_links()\u0027,\\nso move \u0027pad\u0027 pointer initialization after this function when memory is\\nalready reallocated.\\n\\nKasan bug report:\\n\\n==================================================================\\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\\n\\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\\nCall trace:\\n dump_backtrace+0x94/0xec\\n show_stack+0x18/0x24\\n dump_stack_lvl+0x78/0x90\\n print_report+0xfc/0x5c0\\n kasan_report+0xb8/0xfc\\n __asan_load8+0x9c/0xb8\\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\\n platform_probe+0x8c/0xf4\\n really_probe+0x110/0x39c\\n __driver_probe_device+0xb8/0x18c\\n driver_probe_device+0x108/0x1d8\\n __driver_attach+0xd0/0x25c\\n bus_for_each_dev+0xe0/0x154\\n driver_attach+0x34/0x44\\n bus_add_driver+0x134/0x294\\n driver_register+0xa8/0x1e8\\n __platform_driver_register+0x44/0x54\\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\\n do_one_initcall+0xdc/0x25c\\n do_init_module+0x10c/0x334\\n load_module+0x24c4/0x26cc\\n init_module_from_file+0xd4/0x128\\n __arm64_sys_finit_module+0x1f4/0x41c\\n invoke_syscall+0x60/0x188\\n el0_svc_common.constprop.0+0x78/0x13c\\n do_el0_svc+0x30/0x40\\n el0_svc+0x38/0x78\\n el0t_64_sync_handler+0x100/0x12c\\n el0t_64_sync+0x190/0x194\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: meson: axg-card: se corrige el problema \u0027use-after-free\u0027. El b\u00fafer \u0027card-\u0026gt;dai_link\u0027 se reasigna en \u0027meson_card_reallocate_links()\u0027, por lo que se mueve la inicializaci\u00f3n del puntero \u0027pad\u0027 despu\u00e9s de esta funci\u00f3n cuando la memoria ya est\u00e1 reasignada. Informe de error de Kasan: ===================================================================== ERROR: KASAN: slab-use-after-free en axg_card_add_link+0x76c/0x9bc Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff000000e8b260 por la tarea modprobe/356 CPU: 0 PID: 356 Comm: modprobe Contaminado: GO 6.9.12-sdkernel #1 Rastreo de llamadas: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 registro_controlador+0xa8/0x1e8 __registro_controlador_plataforma+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] hacer_una_llamada_inicio+0xdc/0x25c hacer_m\u00f3dulo_inicio+0x10c/0x334 cargar_m\u00f3dulo+0x24c4/0x26cc m\u00f3dulo_inicio_desde_archivo+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invocar_llamada_al_sistema+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c hacer_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19\",\"versionEndExcluding\":\"6.1.111\",\"matchCriteriaId\":\"2C9A750A-3F42-46E2-BCB0-A2C65765F885\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.52\",\"matchCriteriaId\":\"02ADDA94-95BB-484D-8E95-63C0428A28E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.11\",\"matchCriteriaId\":\"F5DB5367-F1F5-4200-B3B3-FDF8AFC3D255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B3CE743-2126-47A3-8B7C-822B502CF119\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DEB27E7-30AA-45CC-8934-B89263EF3551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0005AEF-856E-47EB-BFE4-90C46899394D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39889A68-6D34-47A6-82FC-CD0BF23D6754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8383ABF-1457-401F-9B61-EE50F4C61F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77A9280-37E6-49AD-B559-5B23A3B1DC3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE5298B3-04B4-4F3E-B186-01A58B5C75A6\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.