PT-2024-29743 · Linux+2 · Linux Kernel+2
Published: 2024-06-24 · Updated: 2024-12-12
CVE-2024-42088
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved. The issue is in the ASoC (Audio System on Chip) component, specifically the mediatek mt8195 driver. A commit removed the codec entry for the ETDM1_OUT_BE dai link entirely instead of replacing it with COMP_EMPTY(), causing the remaining COMP_EMPTY() platform entry to become the codec entry. This results in a KASAN out-of-bounds warning in the mtk_soundcard_common_probe() function. The warning occurs because the code expects the platforms array to have space for at least one entry. To fix this, a COMP_EMPTY() entry needs to be added so that dai_link->platforms has space.
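The following is an added illustration, not code from the kernel or from this advisory: a simplified user-space model of the dai link shape described above, showing the empty platforms array beside the fixed one and a bounds check before the write. The struct layout, the `COUNT` helper, the NULL-pointer stand-in for an empty array, and the functions `assign_platform_node` and `count_links_without_platform` are assumptions made for the example.

```c
#include <stddef.h>

/* Simplified user-space model (assumption), not the kernel's real structs. */
struct component { const char *name; const void *of_node; };
struct dai_link {
    const char *name;
    struct component *codecs;    size_t num_codecs;
    struct component *platforms; size_t num_platforms;
};
#define COMP_EMPTY() { NULL, NULL }
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Broken shape: the only COMP_EMPTY() ends up in the codec slot,
 * so the platforms array has no entries at all. */
static struct component broken_codecs[] = { COMP_EMPTY() };
struct dai_link broken_link = {
    .name = "ETDM1_OUT_BE",
    .codecs = broken_codecs, .num_codecs = COUNT(broken_codecs),
    .platforms = NULL, .num_platforms = 0,
};

/* Fixed shape: an explicit COMP_EMPTY() gives platforms one entry. */
static struct component fixed_codecs[]    = { COMP_EMPTY() };
static struct component fixed_platforms[] = { COMP_EMPTY() };
struct dai_link fixed_link = {
    .name = "ETDM1_OUT_BE",
    .codecs = fixed_codecs, .num_codecs = COUNT(fixed_codecs),
    .platforms = fixed_platforms, .num_platforms = COUNT(fixed_platforms),
};

/* Hypothetical probe step: returns 0 on success, -1 when the link has no
 * platform entry to write to (the case an unchecked access reads past). */
int assign_platform_node(struct dai_link *link, const void *node)
{
    if (link->platforms == NULL || link->num_platforms == 0)
        return -1;
    if (!link->platforms[0].name && !link->platforms[0].of_node)
        link->platforms[0].of_node = node;
    return 0;
}

/* Audit a table of links before probing any of them. */
size_t count_links_without_platform(struct dai_link **links, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (links[i]->platforms == NULL || links[i]->num_platforms == 0)
            bad++;
    return bad;
}

int main(void)
{
    struct dai_link *links[] = { &broken_link, &fixed_link };
    return count_links_without_platform(links, 2) == 1 ? 0 : 1;
}
```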
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu