AZL-52956

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52956.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-52956
Upstream
Published
2024-11-07T10:15:07Z
Modified
2026-04-01T05:17:55.155054Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2024-50160 affecting package kernel for versions less than 5.15.173.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/cs8409: Fix possible NULL dereference

If sndhdagenaddkctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line.

Since dolphinfixups function is a hdafixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.173.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-52956.json"