CVE-2024-50105

Summary

CVE-2024-50105 is a Linux kernel vulnerability affecting the Qualcomm Soundwire driver in the SC7280 card. The issue arises from a missed allocation of Soundwire runtime streams, which was incorrectly moved from the Soundwire driver to individual machine sound card drivers in commit 15c7fab0e047. The SC7280 card driver failed to update this change, leading to potential NULL pointer dereferencing or uninitialized memory access during sound playback. This vulnerability can result in various undesirable effects and poses a security risk. The issue has been resolved in the latest Linux kernel updates.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.