CVE-2024-58077

ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring -EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not want to give userspace a way to do a denial-of-service attack on the syslog / diskspace. So don't use soc_pcm_ret() on .prepare callback is better idea.

N/A
CVSS
Severity:
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59
https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee
https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8d228284104bd26f
https://git.kernel.org/stable/c/8ec4e8c8e142933eaa8e1ed87168831069250e4e
https://git.kernel.org/stable/c/301c26a018acb94dd537a4418cefa0f654500c6f

Frequently Asked Questions

What is the severity of CVE-2024-58077?
CVE-2024-58077 has not yet been assigned a CVSS score.
How to fix CVE-2024-58077?
To fix CVE-2024-58077, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-58077 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-58077 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-58077?
CVE-2024-58077 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.