PT-2024-30680 · Linux+6 · Linux Kernel+6
Published 2024-07-04 · Updated 2025-09-29 · CVE-2024-43818
CVSS v3.1: 5.5 Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The issue is related to the Advanced Sound Architecture (ASoC) component in the Linux kernel, specifically with the acpi_get_first_physical_node() function, which can return NULL under certain conditions, such as when there is no device, an ACPI table error, or a reference count drop to 0. The existing check only emits an error message and does not return, so a NULL pointer is passed to devm_acpi_dev_add_driver_gpios(), where it is dereferenced. The fix adds an error code return to this check.
Recommendations
Update to Linux kernel version 6.6.50 or later to resolve the issue.
As a temporary workaround, consider disabling the devm_acpi_dev_add_driver_gpios() function until a patch is available.
Restrict access to the vulnerable acpi_get_first_physical_node() function to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
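The control-flow mistake from the Description, modelled in user-space C as an added example (not the kernel's code or the upstream patch). lookup_first_node(), add_driver_gpios() and both probe functions are hypothetical stand-ins, and -ENODEV is an assumed error code because the page does not name the one used.

```c
/* User-space model of the pattern in the description; all names are
 * hypothetical stand-ins, not the kernel's ASoC or ACPI code. */
#include <errno.h>
#include <stdio.h>

struct node { int gpio_count; };

/* Stand-in for a lookup that may return NULL (no device, bad table,
 * reference count already dropped to 0). */
static struct node *lookup_first_node(struct node *table, int present)
{
    return present ? table : NULL;
}

/* Stand-in for the consumer: dereferences its argument unconditionally. */
static int add_driver_gpios(struct node *n)
{
    return n->gpio_count > 0 ? 0 : -EINVAL;
}

/* Before: the NULL check only logs, so execution falls through. */
int probe_before(struct node *table, int present)
{
    struct node *n = lookup_first_node(table, present);

    if (!n)
        fprintf(stderr, "probe: no physical node\n");   /* no return */
    return add_driver_gpios(n);                          /* NULL deref */
}

/* After: the same check returns an error code, so NULL never propagates. */
int probe_after(struct node *table, int present)
{
    struct node *n = lookup_first_node(table, present);

    if (!n) {
        fprintf(stderr, "probe: no physical node\n");
        return -ENODEV;   /* assumed error code for this example */
    }
    return add_driver_gpios(n);
}

int main(void)
{
    struct node table = { .gpio_count = 2 };   /* constructed sample */
    printf("after, node present: %d\n", probe_after(&table, 1));
    printf("after, node missing: %d\n", probe_after(&table, 0));
    return 0;   /* probe_before(&table, 0) would crash on the NULL deref */
}
```

Both variants behave identically when the node exists; they differ only on the NULL path, which is why a log-only check can pass functional testing on hardware where the lookup always succeeds.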
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu