logo_clicknbuy.png

CVE-2024-58077 – Linux Kernel ASoC soc_pcm Denial-of-Service Vulnerability

The following table lists the changes that have been made to the
CVE-2024-58077 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 06, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    ASoC: soc-pcm: don’t use soc_pcm_ret() on .prepare callback

    commit 1f5664351410 (“ASoC: lower “no backend DAIs enabled for … Port”
    log severity”) ignores -EINVAL error message on common soc_pcm_ret().
    It is used from many functions, ignoring -EINVAL is over-kill.

    The reason why -EINVAL was ignored was it really should only be used
    upon invalid parameters coming from userspace and in that case we don’t
    want to log an error since we do not want to give userspace a way to do
    a denial-of-service attack on the syslog / diskspace.

    So don’t use soc_pcm_ret() on .prepare callback is better idea.
    Added Reference https://git.kernel.org/stable/c/301c26a018acb94dd537a4418cefa0f654500c6f
    Added Reference https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee
    Added Reference https://git.kernel.org/stable/c/8ec4e8c8e142933eaa8e1ed87168831069250e4e
    Added Reference https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8d228284104bd26f
    Added Reference https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59
Share the Post:

Related Posts