CVE-2024-50292
- Source
- https://cve.org/CVERecord?id=CVE-2024-50292
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50292.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50292
- Downstream
- Related
- Published
- 2024-11-19T01:30:38.036Z
- Modified
- 2026-03-20T12:39:40.887242Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: stm32: spdifrx: fix dma channel release in stm32spdifrxremove
In case of error when requesting ctrlchan DMA channel, ctrlchan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dmarequestslavechannel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dmareleasechannel+0x24/0x100 [ 5.103235] stm32spdifrxremove+0x24/0x60 [sndsocstm32spdifrx] [ 5.109494] stm32spdifrxprobe+0x320/0x4c4 [sndsocstm32_spdifrx]
To avoid this issue, release channel only if the pointer is valid.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50292.json" }- References
-
- https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28
- https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88
- https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39
- https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db
- https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c
- https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50292.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50292
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced794df9448edb55978e50372f083aeedade1b2844Fixed3a977b554f668382dfba31fd62e4cce4fe5643dbFixed0d75f887aabd80cf37ea48d28f159afa7850ea28Fixed4f1d74f74752eab8af6b8b28797dc6490d57374cFixed23bdbd1ef3e063e03d3c50c15a591b005ebbae39Fixed22ae9321054cf7f36c537702af133659f51a0b88Fixed9bb4af400c386374ab1047df44c508512c08c31f