CVE-2024-42089

ASoC: fsl-asoc-card: set priv->pdev before using it

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a patch
https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a patch
https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9 patch
https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a patch
https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac patch
https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed patch
https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6 patch
https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245 patch

Frequently Asked Questions

What is the severity of CVE-2024-42089?
CVE-2024-42089 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42089?
To fix CVE-2024-42089, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42089 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42089 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42089?
CVE-2024-42089 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.