CVE-2024-50292

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the Linux kernel has been identified, related to the ASoC: stm32: spdifrx component. The issue arises when requesting the ctrl chan DMA channel, where an error can lead to a NULL pointer dereference. This results in a kernel error, as evidenced by the call trace involving dma release channel+0x24/0x100, stm32 spdifrx remove+0x24/0x60, and stm32 spdifrx probe+0x320/0x4c4. The problem occurs because the ctrl chan is not null when an error happens, causing issues when releasing the DMA channel.

Recommendations: To resolve this issue, ensure that the DMA channel is released only if the pointer is valid. This can be achieved by modifying the stm32 spdifrx remove function to check the validity of the ctrl chan pointer before releasing the channel. As a temporary workaround, consider disabling the stm32 spdifrx probe function until a patch is available. However, the most effective solution is to update the Linux kernel with the fix for the ASoC: stm32: spdifrx component, which ensures that the DMA channel is released correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.