CVE-2024-50160

ALSA: hda/cs8409: Fix possible NULL dereference

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14 patch
https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793 patch
https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c patch
https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc patch
https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f patch

Frequently Asked Questions

What is the severity of CVE-2024-50160?
CVE-2024-50160 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50160?
To fix CVE-2024-50160, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50160 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50160 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50160?
CVE-2024-50160 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.