CVE-2024-53180: ALSA: pcm: Add sanity NULL check for the default mmap fault handler
First published: Fri Dec 27 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.64 | |
| Linux Kernel | >=6.7<6.11.11 | |
| Linux Kernel | >=6.12<6.12.2 | |
| debian/linux | <=5.10.223-1<=5.10.234-1 | 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f
- https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b
- https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911
- https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2
- https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0
- https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53180
- https://nvd.nist.gov/vuln/detail/CVE-2024-53180
- https://launchpad.net/bugs/cve/CVE-2024-53180
- https://security-tracker.debian.org/tracker/CVE-2024-53180
- https://ubuntu.com/security/CVE-2024-53180
- https://git.kernel.org/linus/d2913a07d9037fe7aed4b7e680684163eaed6bc4
Frequently Asked Questions
What is the severity of CVE-2024-53180?
The severity of CVE-2024-53180 has been classified as moderate.
How do I fix CVE-2024-53180?
To fix CVE-2024-53180, update the Linux kernel to a version that is greater than 5.15.174 or between the versions of 5.16 and 6.1.120, or between 6.2 and 6.6.64, or between 6.7 and 6.11.11, or at least 6.12.2.
Which versions of the Linux kernel are affected by CVE-2024-53180?
CVE-2024-53180 affects multiple versions, specifically kernels from 5.15.0 to 5.15.174, 5.16.0 to 6.1.120, 6.2.0 to 6.6.64, and 6.7.0 to 6.11.11, as well as 6.12.0 to 6.12.2.
What type of vulnerability is CVE-2024-53180?
CVE-2024-53180 is related to a memory management issue in the ALSA pcm subsystem of the Linux kernel.
Is there a workaround for CVE-2024-53180?
There is no specific workaround for CVE-2024-53180; updating the kernel is the recommended approach.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/usn-cve
- source/Ubuntu
- agent/softwarecombine
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12
- package-manager/debian