CVE - CVE-2024-46798

CVE-ID
CVE-2024-46798	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() access a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug: [ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Read of size 1 at addr ffff0000b9434d50 by task systemd-sleep/2330 [ 52.047785] Call trace: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 The snd_pcm_sync_stop() has a NULL check on 'substream->runtime' before making any access. So we need to always set 'substream->runtime' to NULL everytime we kfree() it.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624 URL:https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624 MISC:https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d URL:https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d MISC:https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e URL:https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e MISC:https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f URL:https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f MISC:https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89 URL:https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89 MISC:https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 URL:https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565 MISC:https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e URL:https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e
Assigning CNA
kernel.org
Date Record Created
20240911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)