medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-50292: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

First published: Tue Nov 19 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.7<5.10.230
Linux Kernel>=5.11<5.15.172
Linux Kernel>=5.16<6.1.117
Linux Kernel>=6.2<6.6.61
Linux Kernel>=6.7<6.11.8
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3
Linux Kernel=6.12-rc4
Linux Kernel=6.12-rc5
Linux Kernel=6.12-rc6
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28

Remedy

https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88

Remedy

https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39

Remedy

https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db

Remedy

https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c

Remedy

https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50292?

    CVE-2024-50292 is considered a medium severity vulnerability due to the potential for resource management issues.

  • How do I fix CVE-2024-50292?

    To fix CVE-2024-50292, update your Linux kernel to the latest patched version that resolves this issue.

  • Which versions of the Linux kernel are affected by CVE-2024-50292?

    CVE-2024-50292 affects Linux kernel versions between 5.7 to 6.12-rc6.

  • What action should I take if I am using an affected Linux kernel for CVE-2024-50292?

    If using an affected Linux kernel, it is recommended to update to a version that has mitigations for CVE-2024-50292.

  • Is CVE-2024-50292 a remote vulnerability?

    CVE-2024-50292 is not specifically a remote vulnerability as it involves local resource management in the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203