PT-2024-9080 · Linux+6 · Linux Kernel+6

Published

2024-04-29

·

Updated

2025-09-29

·

CVE-2024-36955

CVSS v3.1

7.7

High

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the usage of device get named child node() in the ALSA component of the Linux kernel. The documentation for this function mentions that the caller is responsible for calling fwnode handle put() on the returned fwnode pointer to avoid a leaked reference. The vulnerability can cause a memory leak. Additionally, there is a mention of a potential denial-of-service due to a memory leak in the is link enabled() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-401

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-10762
CVE-2024-36955
INFSA-2024_9315
MGASA-2024-0263
MGASA-2024-0266
OPENSUSE-SU-2024_2947-1
RHSA-2024:9315
RHSA-2024_9315
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2802-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6949-1
USN-6949-2
USN-6950-1
USN-6950-2
USN-6950-3
USN-6950-4
USN-6952-1
USN-6952-2
USN-6955-1
USN-6956-1
USN-6957-1
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu