In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
Buffer 'card->dailink' is reallocated in 'mesoncardreallocatelinks()', so move 'pad' pointer initialization after this function when memory is already reallocated.
Kasan bug report:
================================================================== BUG: KASAN: slab-use-after-free in axgcardadd_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356
CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dumpbacktrace+0x94/0xec showstack+0x18/0x24 dumpstacklvl+0x78/0x90 printreport+0xfc/0x5c0 kasanreport+0xb8/0xfc _asanload8+0x9c/0xb8 axgcardaddlink+0x76c/0x9bc [sndsocmesonaxgsoundcard] mesoncardprobe+0x344/0x3b8 [sndsocmesoncardutils] platformprobe+0x8c/0xf4 reallyprobe+0x110/0x39c _driverprobedevice+0xb8/0x18c driverprobedevice+0x108/0x1d8 _driverattach+0xd0/0x25c busforeachdev+0xe0/0x154 driverattach+0x34/0x44 busadddriver+0x134/0x294 driverregister+0xa8/0x1e8 _platformdriverregister+0x44/0x54 axgcardpdrvinit+0x20/0x1000 [sndsocmesonaxgsoundcard] dooneinitcall+0xdc/0x25c doinitmodule+0x10c/0x334 loadmodule+0x24c4/0x26cc initmodulefromfile+0xd4/0x128 _arm64sysfinitmodule+0x1f4/0x41c invokesyscall+0x60/0x188 el0svccommon.constprop.0+0x78/0x13c doel0svc+0x30/0x40 el0svc+0x38/0x78 el0t64synchandler+0x100/0x12c el0t64sync+0x190/0x194
[ { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d318166bf55e9029d56997c3b134f4ac2ae2607", "signature_type": "Line", "id": "CVE-2024-46849-0cdc4053", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f9a71435953f941969a4f017e2357db62d85a86", "signature_type": "Line", "id": "CVE-2024-46849-154d1efe", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e43364f578cdc2f8083abbc0cb743ea55e827c29", "signature_type": "Line", "id": "CVE-2024-46849-4858ead6", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fb0530025d502cb79d2b2801b14a9d5261833f1a", "signature_type": "Function", "id": "CVE-2024-46849-53fa05a9", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1099.0, "function_hash": "4527043809375143116528611678670771601" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a33145f494e6cb82f3e018662cc7c4febf271f22", "signature_type": "Function", "id": "CVE-2024-46849-692d8ae1", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1099.0, "function_hash": "4527043809375143116528611678670771601" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d318166bf55e9029d56997c3b134f4ac2ae2607", "signature_type": "Function", "id": "CVE-2024-46849-6ab631b8", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1003.0, "function_hash": "78716939203586220867654336387324832779" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1a199ec31617242e1a0ea8f312341e682d0c037", "signature_type": "Line", "id": "CVE-2024-46849-74056aa4", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a2cc2bb81399e9ebc72560541137eb04d61dc3d", "signature_type": "Line", "id": "CVE-2024-46849-76ad3a53", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e43364f578cdc2f8083abbc0cb743ea55e827c29", "signature_type": "Function", "id": "CVE-2024-46849-7edb863f", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1000.0, "function_hash": "159954874597228726965204554666784971638" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a33145f494e6cb82f3e018662cc7c4febf271f22", "signature_type": "Line", "id": "CVE-2024-46849-b2c19169", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fb0530025d502cb79d2b2801b14a9d5261833f1a", "signature_type": "Line", "id": "CVE-2024-46849-b4848144", "target": { "file": "sound/soc/meson/axg-card.c" }, "digest": { "line_hashes": [ "58183097759953195317961335745643675615", "264251312611583250861293061066743613283", "14510766260801092576274671984903973431", "223199294627795430935310010564133074173", "2747937456709748552641969849554135337", "82658865927189677888115853857550655092", "308366405269586917993790187409940066572" ], "threshold": 0.9 }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e1a199ec31617242e1a0ea8f312341e682d0c037", "signature_type": "Function", "id": "CVE-2024-46849-d025931d", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1099.0, "function_hash": "4527043809375143116528611678670771601" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5a2cc2bb81399e9ebc72560541137eb04d61dc3d", "signature_type": "Function", "id": "CVE-2024-46849-ed049816", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1099.0, "function_hash": "4527043809375143116528611678670771601" }, "signature_version": "v1" }, { "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4f9a71435953f941969a4f017e2357db62d85a86", "signature_type": "Function", "id": "CVE-2024-46849-f62bc92e", "target": { "file": "sound/soc/meson/axg-card.c", "function": "axg_card_add_tdm_loopback" }, "digest": { "length": 1003.0, "function_hash": "78716939203586220867654336387324832779" }, "signature_version": "v1" } ]