CVE-2024-46849
Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194
CVSS Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Threat Intelligence
Weaknesses 1
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| debian | debian_linux | 11.0 | any |
| linux | linux_kernel | * | ≥4.19 – <5.4.285 |
| linux | linux_kernel | * | ≥5.5 – <5.10.227 |
| linux | linux_kernel | * | ≥5.11 – <5.15.168 |
| linux | linux_kernel | * | ≥5.16 – <6.1.111 |
| linux | linux_kernel | * | ≥6.2 – <6.6.52 |
| linux | linux_kernel | * | ≥6.7 – <6.10.11 |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
| linux | linux_kernel | 6.11 | any |
References 9
- git.kernel.org https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86
- git.kernel.org https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d
- git.kernel.org https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607
- git.kernel.org https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22
- git.kernel.org https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037
- git.kernel.org https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29
- git.kernel.org https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Remediation
- git.kernel.org https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86
- git.kernel.org https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d
- git.kernel.org https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607
- git.kernel.org https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22
- git.kernel.org https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037
- git.kernel.org https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29
- git.kernel.org https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a