CVE-2024-50160

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 7, 2024

Updated: Nov 13, 2024

CWE ID 476

Summary

CVE-2024-50160 is a newly identified vulnerability affecting the Linux kernel. This issue lies within the ALSA (Advanced Linux Sound Architecture) driver for the cs8409 chipset. Specifically, in the hda/cs8409 module, if the function snd_hda_gen_add_kctl fails to allocate memory and returns NULL, a subsequent NULL pointer dereference occurs. Given that dolphin_fixups, which is a hda_fixup function, is not intended to return errors, a check has been added to ignore such failures and prevent the dereference from causing potential harm. The vulnerability was discovered by the Linux Verification Center (linuxtesting.org) through their SVACE (Security Vulnerability and Advisory Coordination and Evaluation) program.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database