CVE-2024-38551

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37

Description: The issue is related to the ASoC component in the Linux kernel, specifically with the MediaTek sound card drivers. The vulnerability arises when a DAI link is present but no real codec is specified, leading to a potential NULL pointer during string comparison. The drivers are designed to check for the presence of a DAI link and assign parameters accordingly by examining codec DAI names at probe time. If no real codec is present, the drivers should assign a dummy codec to the DAI link to prevent this issue. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations: To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider restricting access to the vulnerable ASoC component until a patch is applied. Avoid using the DAI link without a properly assigned codec to minimize the risk of exploitation.