SB2024062067 - NULL pointer dereference in Linux kernel mediatek common
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062067
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-38551)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_card_codec_info() function in sound/soc/mediatek/common/mtk-soundcard-driver.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158
- https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226
- https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9
- https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12