CVE-2024-57805

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-57805
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-57805.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-57805
Published
2025-01-11T12:39:51.798Z
Modified
2025-11-28T02:35:32.530501Z
Summary
ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP

The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to 'steal' the linkDMA since it has been released.

This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this:

    aplay -Dhw:0,3 -c2 -r48000 -fS32LE /dev/zero -d 120
    CTRL+z
    aplay -Dhw:0,0 -c2 -r48000 -fS32LE /dev/zero -d 120

then the link DMA channels will be mixed up, resulting in a firmware error or crash.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57805.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ab5593793e9088abcddce30ba8e376e31b7285fd
Fixed
909ecf15cb70f78cdb5c930f58df01db039a0ff8
Fixed
e8d0ba147d901022bcb69da8d8fd817f84e9f3ca
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ec0c7735dd014e54e55bc3bf4ed2e73d56bb00b3

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.12.8