CVE-2024-46849

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46849
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46849.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-46849
Downstream
Related
Published
2024-09-27T13:15:16Z
Modified
2025-08-09T20:01:27Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: meson: axg-card: fix 'use-after-free'

Buffer 'card->dailink' is reallocated in 'mesoncardreallocatelinks()', so move 'pad' pointer initialization after this function when memory is already reallocated.

Kasan bug report:

================================================================== BUG: KASAN: slab-use-after-free in axgcardadd_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356

CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dumpbacktrace+0x94/0xec showstack+0x18/0x24 dumpstacklvl+0x78/0x90 printreport+0xfc/0x5c0 kasanreport+0xb8/0xfc _asanload8+0x9c/0xb8 axgcardaddlink+0x76c/0x9bc [sndsocmesonaxgsoundcard] mesoncardprobe+0x344/0x3b8 [sndsocmesoncardutils] platformprobe+0x8c/0xf4 reallyprobe+0x110/0x39c _driverprobedevice+0xb8/0x18c driverprobedevice+0x108/0x1d8 _driverattach+0xd0/0x25c busforeachdev+0xe0/0x154 driverattach+0x34/0x44 busadddriver+0x134/0x294 driverregister+0xa8/0x1e8 _platformdriverregister+0x44/0x54 axgcardpdrvinit+0x20/0x1000 [sndsocmesonaxgsoundcard] dooneinitcall+0xdc/0x25c doinitmodule+0x10c/0x334 loadmodule+0x24c4/0x26cc initmodulefromfile+0xd4/0x128 _arm64sysfinitmodule+0x1f4/0x41c invokesyscall+0x60/0x188 el0svccommon.constprop.0+0x78/0x13c doel0svc+0x30/0x40 el0svc+0x38/0x78 el0t64synchandler+0x100/0x12c el0t64sync+0x190/0x194

References

Affected packages