CVE-2024-46849

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.12-sdkernel

Description The issue is related to a 'use-after-free' vulnerability in the ASoC: meson: axg-card component of the Linux kernel. The buffer 'card->dai link' is reallocated in 'meson card reallocate links()', and the 'pad' pointer initialization needs to be moved after this function when memory is already reallocated. A Kasan bug report indicates a slab-use-after-free in axg card add link+0x76c/0x9bc.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the 'use-after-free' vulnerability in the ASoC: meson: axg-card component. As a temporary workaround, consider disabling the axg card add link() function until a patch is available. Restrict access to the vulnerable module snd soc meson axg sound card to minimize the risk of exploitation. Avoid using the card->dai link buffer in the affected API endpoint until the issue is resolved.