CVE-2024-53180

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f patch
https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b patch
https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911 patch
https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2 patch
https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0 patch
https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4 patch

Frequently Asked Questions

What is the severity of CVE-2024-53180?
CVE-2024-53180 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53180?
To fix CVE-2024-53180, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53180 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53180 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53180?
CVE-2024-53180 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.