PT-2024-32257 · Linux+1 · Linux Kernel+1

Published

2024-09-06

·

Updated

2025-09-29

·

CVE-2024-46863

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the Advanced Linux Sound Architecture (ALSA) System on Chip (SoC) Intel driver, specifically the soc-acpi-intel-lnl-match module. There is no links num in the struct snd soc acpi mach, and the code tests !link->num adr as a condition to end the loop in hda sdw machine select(). To fix this, an empty item in the struct snd soc acpi link adr array is required.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49887
AZL-49897
BDU:2025-04633
CVE-2024-46863

Affected Products

Alt Linux
Linux Kernel