PT-2024-29218 · Linux+4 · Linux Kernel+4

Bard Liao +2 · Published 2024-07-04 · Updated 2025-09-29 · CVE-2024-41037

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A bug has been resolved in the Linux kernel related to a null dereference on system suspend entry. When the system enters suspend with an active stream, the SOF core calls hw_params_upon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to a call chain of hda_dsp_set_hw_params_upon_resume() -> hda_dsp_dais_suspend() -> hda_dai_suspend() -> hda_ipc4_post_trigger(). A bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first, which clears hext_stream->link_substream, and then hda_ipc4_post_trigger() is called with a NULL snd_pcm_substream pointer.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
AZL-47546
BDU:2025-03015
CVE-2024-41037
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-2124
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu