CVE-2024-39491
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39491
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39491.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-39491
- Downstream
- Related
- Published
- 2024-07-10T07:14:10Z
- Modified
- 2025-10-17T03:04:35.716096Z
- Summary
- ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
The csdsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to csdspremove() in the error path of cs35l56hdacommonprobe().
The call to csdspremove() was being done in the component unbind callback cs35l56hdaunbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance.
It is best to initialize the csdsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if csdsp was initialized in the bind.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced73cfbfa9caea8eda54b4c6e49a9555533660aa1eFixed9054c474f9c219e58a441e401c0e6e38fe713ff1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced73cfbfa9caea8eda54b4c6e49a9555533660aa1eFixed60d5e087e5f334475b032ad7e6ad849fb998f303
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced73cfbfa9caea8eda54b4c6e49a9555533660aa1eFixedd344873c4cbde249b7152d36a273bcc45864001e
Affected versions
v6.*
v6.5
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
v6.9.1
v6.9.2
v6.9.3
Database specific
vanir_signatures
[
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_remove",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "87332082058751508584539015000700251335",
"length": 349.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d344873c4cbde249b7152d36a273bcc45864001e",
"id": "CVE-2024-39491-018f9eb3",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_remove",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "87332082058751508584539015000700251335",
"length": 349.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9054c474f9c219e58a441e401c0e6e38fe713ff1",
"id": "CVE-2024-39491-2941072f",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_remove",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "87332082058751508584539015000700251335",
"length": 349.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60d5e087e5f334475b032ad7e6ad849fb998f303",
"id": "CVE-2024-39491-4c0d5231",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"82514323434446870338740379763858683559",
"89749444869271742272098951644505115457",
"285613101677889313406841060781327060237",
"33826081205729784001661346211843804685",
"310886021323174908263944190436411713689",
"21224190267801794729929973127909043081",
"31117659795935121480586524128135837222",
"49855210877965314502266596948978707117",
"63840547065501832033692861990164970223",
"24074970661682787261428406543867411652",
"97558564250985914354626875661106391380",
"31221821623317795663397068379550458114",
"150617961721190748958369824603728489737",
"105629343513813064782784406313277672206",
"156538429218641235209094163589949366581"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60d5e087e5f334475b032ad7e6ad849fb998f303",
"id": "CVE-2024-39491-600baf97",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_unbind",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "316011125190946611638681689031520217966",
"length": 508.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9054c474f9c219e58a441e401c0e6e38fe713ff1",
"id": "CVE-2024-39491-778e1185",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_common_probe",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "336239086035848127150824156903858989672",
"length": 2217.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d344873c4cbde249b7152d36a273bcc45864001e",
"id": "CVE-2024-39491-7e490f42",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"82514323434446870338740379763858683559",
"89749444869271742272098951644505115457",
"285613101677889313406841060781327060237",
"33826081205729784001661346211843804685",
"310886021323174908263944190436411713689",
"21224190267801794729929973127909043081",
"31117659795935121480586524128135837222",
"49855210877965314502266596948978707117",
"63840547065501832033692861990164970223",
"24074970661682787261428406543867411652",
"97558564250985914354626875661106391380",
"31221821623317795663397068379550458114",
"150617961721190748958369824603728489737",
"105629343513813064782784406313277672206",
"156538429218641235209094163589949366581"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d344873c4cbde249b7152d36a273bcc45864001e",
"id": "CVE-2024-39491-994e01e8",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_unbind",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "316011125190946611638681689031520217966",
"length": 508.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d344873c4cbde249b7152d36a273bcc45864001e",
"id": "CVE-2024-39491-9cbc2997",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_unbind",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "316011125190946611638681689031520217966",
"length": 508.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60d5e087e5f334475b032ad7e6ad849fb998f303",
"id": "CVE-2024-39491-da012ef6",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"82514323434446870338740379763858683559",
"89749444869271742272098951644505115457",
"285613101677889313406841060781327060237",
"33826081205729784001661346211843804685",
"310886021323174908263944190436411713689",
"21224190267801794729929973127909043081",
"31117659795935121480586524128135837222",
"49855210877965314502266596948978707117",
"63840547065501832033692861990164970223",
"24074970661682787261428406543867411652",
"97558564250985914354626875661106391380",
"31221821623317795663397068379550458114",
"150617961721190748958369824603728489737",
"105629343513813064782784406313277672206",
"156538429218641235209094163589949366581"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9054c474f9c219e58a441e401c0e6e38fe713ff1",
"id": "CVE-2024-39491-e0f1433b",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_common_probe",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "96781718059544844404610661560325317993",
"length": 2091.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9054c474f9c219e58a441e401c0e6e38fe713ff1",
"id": "CVE-2024-39491-e2765fce",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"function": "cs35l56_hda_common_probe",
"file": "sound/pci/hda/cs35l56_hda.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "336239086035848127150824156903858989672",
"length": 2217.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60d5e087e5f334475b032ad7e6ad849fb998f303",
"id": "CVE-2024-39491-f20462bb",
"signature_version": "v1"
}
]