CVE-2024-50292

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3a977b554f668382dfba31fd62e4cce4fe5643db patch
https://git.kernel.org/stable/c/0d75f887aabd80cf37ea48d28f159afa7850ea28 patch
https://git.kernel.org/stable/c/4f1d74f74752eab8af6b8b28797dc6490d57374c patch
https://git.kernel.org/stable/c/23bdbd1ef3e063e03d3c50c15a591b005ebbae39 patch
https://git.kernel.org/stable/c/22ae9321054cf7f36c537702af133659f51a0b88 patch
https://git.kernel.org/stable/c/9bb4af400c386374ab1047df44c508512c08c31f patch

Frequently Asked Questions

What is the severity of CVE-2024-50292?
CVE-2024-50292 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50292?
To fix CVE-2024-50292, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50292 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50292 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50292?
CVE-2024-50292 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.