CVE-2024-42089
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42089
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-42089.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-42089
- Downstream
- Related
- Published
- 2024-07-29T16:26:29.288Z
- Modified
- 2025-11-28T02:33:52.792236Z
- Summary
- ASoC: fsl-asoc-card: set priv->pdev before using it
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl-asoc-card: set priv->pdev before using it
priv->pdev pointer was set after being used in fslasoccardaudmuxinit(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv.
fslasoccardaudmuxinit() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42089.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed
- https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9
- https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a
- https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6
- https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a
- https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac
- https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245
- https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42089.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-42089
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced708b4351f08c08ea93f773fb9197bdd3f3b08273Fixedae81535ce2503aabc4adab3472f4338070cdeb6aFixed8896e18b7c366f8faf9344abfd0971435f1c723aFixed3662eb2170e59b58ad479982dc1084889ba757b9Fixed544ab46b7ece6d6bebbdee5d5659c0a0f804a99aFixed8faf91e58425c2f6ce773250dfd995f1c2d461acFixed29bc9e7c75398b0d12fc30955f2e9b2dd29ffaedFixed7c18b4d89ff9c810b6e562408afda5ce165c4ea6Fixed90f3feb24172185f1832636264943e8b5e289245
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.18.0Fixed4.19.317
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.279
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.221
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.162
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.97
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.37
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.9.8