CVE-2024-40964

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-40964

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40964.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-40964

Downstream

BELL-CVE-2024-40964

DEBIAN-CVE-2024-40964

OESA-2024-1863

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

UBUNTU-CVE-2024-40964

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7008-1

USN-7029-1

Related

Published

2024-07-12T12:32:04Z

Modified

2025-10-09T12:54:12.662991Z

Summary

ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41hdaunbind()

The cs35l41hdaunbind() function clears the hdacomponent entry matching it's index and then dereferences the codec pointer held in the first element of the hdacomponent array, this is an issue when the device index was 0.

Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1

Fixed

ff27bd8e17884f7cdefecb3f3817caadd6813dc0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1

Fixed

19be722369c347f3af1c5848e303980ed040b819

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1

Fixed

6386682cdc8b41319c92fbbe421953e33a28840c

Affected versions

v6.*

v6.10-rc1

v6.5

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.36

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.9.7