PT-2024-33937 · Linux+3 · Linux Kernel+3

Dmitry Baryshkov · Published 2024-10-10 · Updated 2025-09-29 · CVE-2024-50104

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc2-qcomlt-arm64
Description: A vulnerability in the Linux kernel has been resolved in the ASoC (Audio System on Chip) driver for Qualcomm's sdm845 soundcard. When Soundwire runtime stream allocation was migrated from the Qualcomm Soundwire controller to the SoC's soundcard drivers, the sdm845 soundcard was forgotten. This results in a NULL dereference of the stream pointer when attempting playback or starting the audio daemon. The vulnerability is triggered when the wsa881x_hw_params() function is called with the stream parameter set to NULL, which is then passed further in the x4 register. The sdw_stream_add_slave() function is also involved: a data abort happens at offset 0x44 from the beginning of that function.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix "ASoC: qcom: sdm845: add missing soundwire runtime stream alloc". As a temporary workaround, consider disabling the audio functionality on affected devices until a patch is available.
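
A triage check for the crash signature described above, as an added example that is not part of the original advisory or of the kernel project: it scans an arm64 oops log for a NULL dereference in sdw_stream_add_slave() reached from wsa881x_hw_params() with x4 equal to zero. The log excerpt is constructed, and the helper names parse_oops and matches_sdm845_null_stream are hypothetical.

```python
import re

# Constructed arm64 oops excerpt (not a real capture). Only the two function
# names, the +0x44 offset and the NULL value in x4 come from the advisory text;
# timestamps, module names and the other offsets are made up for the example.
SAMPLE_OOPS = """\
[   41.100001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
[   41.100050] pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
[   41.100060] lr : wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x]
[   41.100070] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000080a1c000
[   41.100080] Call trace:
[   41.100090]  sdw_stream_add_slave+0x44/0x380 [soundwire_bus]
[   41.100100]  wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x]
"""

PC_RE = re.compile(r"\bpc : (\w+)\+(0x[0-9a-f]+)/0x[0-9a-f]+")
REG_RE = re.compile(r"\bx(\d+)\s*: ([0-9a-f]{16})")
FRAME_RE = re.compile(r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")


def parse_oops(text):
    """Extract the faulting symbol, register x4 and call-trace symbols."""
    pc = PC_RE.search(text)
    regs = {int(n): int(v, 16) for n, v in REG_RE.findall(text)}
    # Only symbols listed after "Call trace:" count as stack frames.
    trace = text.split("Call trace:", 1)[1] if "Call trace:" in text else ""
    return {
        "null_deref": "NULL pointer dereference" in text,
        "pc": (pc.group(1), int(pc.group(2), 16)) if pc else None,
        "x4": regs.get(4),
        "frames": FRAME_RE.findall(trace),
    }


def matches_sdm845_null_stream(text):
    """True when the oops has the shape the advisory describes."""
    o = parse_oops(text)
    # The instruction offset (0x44 in the advisory) varies between builds,
    # so it is reported by parse_oops() but not required for a match.
    return bool(
        o["null_deref"]
        and o["pc"] is not None
        and o["pc"][0] == "sdw_stream_add_slave"
        and "wsa881x_hw_params" in o["frames"]
        and o["x4"] == 0
    )
```
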

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17211
BDU:2025-14138
CVE-2024-50104
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu