2323949 – (CVE-2024-50105) CVE-2024-50105 kernel: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc

Bug 2323949 (CVE-2024-50105) - CVE-2024-50105 kernel: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc

Summary: CVE-2024-50105 kernel: ASoC: qcom: sc7280: Fix missing Soundwire runtime stre...

Keywords:
Status:	NEW
Alias:	CVE-2024-50105
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2324008
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-05 18:04 UTC by OSIDB Bzimport
Modified:	2024-11-05 22:12 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-11-05 18:04:03 UTC

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc

Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to
soundcards") moved the allocation of Soundwire stream runtime from the
Qualcomm Soundwire driver to each individual machine sound card driver,
except that it forgot to update SC7280 card.

Just like for other Qualcomm sound cards using Soundwire, the card
driver should allocate and release the runtime.  Otherwise sound
playback will result in a NULL pointer dereference or other effect of
uninitialized memory accesses (which was confirmed on SDM845 having
similar issue).

Comment 1 Robb Gatica 2024-11-05 20:52:11 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110553-CVE-2024-50105-6efa@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.