PT-2024-36994 · Linux+2 · Linux Kernel+2

Published

2024-11-26

Updated

2025-05-26

CVE-2024-56685

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the ASoC (Audio System on Chip) mediatek component, where accessing members of a dummy component during probe can result in undefined behavior. This can lead to a kernel panic when a dai link subnode is omitted in the sound card's node in the Devicetree. The vulnerability can be observed in the mt8188 and mt8195 machine sound drivers. To accommodate for both initialized and uninitialized dummy codecs, a check has been added to ensure that num codecs is not zero before accessing the codecs' fields.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-476

Related Identifiers

BDU:2025-07853

CVE-2024-56685

USN-7276-1

USN-7277-1

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2024-36994 · Linux+2 · Linux Kernel+2

CVE-2024-56685

Weakness Enumeration

Related Identifiers

Affected Products

References · 1087