CVE-2024-50103

ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/03c9c2c2d2d0fe203dfe8f56bedbcf04e303d7c4
https://git.kernel.org/stable/c/a8e691fe1894c8bdf815a6171ee22ae7da8b18aa patch
https://git.kernel.org/stable/c/e19bf49e903337641fc230d430d49813e3199902 patch
https://git.kernel.org/stable/c/73cc3f905ca9aa95694eea3dfa1acadc90686368 patch
https://git.kernel.org/stable/c/1e235d02d803660777ec911a2c467ae41f8539f5 patch
https://git.kernel.org/stable/c/49da1463c9e3d2082276c3e0e2a8b65a88711cd2 patch

Frequently Asked Questions

What is the severity of CVE-2024-50103?
CVE-2024-50103 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50103?
To fix CVE-2024-50103, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50103 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50103 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50103?
CVE-2024-50103 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.