PT-2024-8668 · Linux+5 · Linux Kernel+5

Published

2024-01-11

Updated

2025-03-28

CVE-2024-35842

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential NULL pointer dereference in the Linux kernel, specifically in the ASoC (Audio System on Chip) component, which is used for audio processing. The problem arises because not all entries of the struct sof conn stream declare a normal link string, which is a non-SOF (Sound Open Firmware) direct link string. This is particularly relevant for System-on-Chip (SoC) designs that support only SOF paths and do not support both direct and SOF use cases. For example, the MT8188 SoC does not have a normal link string in any of its sof conn stream entries. To prevent possible NULL pointer kernel panics (KPs), a NULL check for the normal link string has been added.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-10268

CVE-2024-35842

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6818-1

USN-6818-2

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-2

USN-6819-3

USN-6819-4

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-8668 · Linux+5 · Linux Kernel+5

CVE-2024-35842

Weakness Enumeration

Related Identifiers

Affected Products

References · 2964