DEBIAN-CVE-2024-50292

DEBIAN-CVE-2024-50292 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux-6.1	6.1.106-3~deb11u1, 6.1.112-1, 6.1.106-3
Debian:11	linux	5.10.226-1, 5.10.140-1, 5.10.205-1
Debian:13	linux	0, 0
Debian:14	linux	0, 0
Debian:12	linux	6.1.69-1, 6.1.76-1, 6.1.76-1~bpo11+1

Timeline

Nov 19, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-50292 advisory

Open in Interactive Console →