CVE-2024-39491

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to cs_dsp_remove() in the error path of cs35l56_hda_common_probe(). The call to cs_dsp_remove() was being done in the component unbind callback cs35l56_hda_unbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance. It is best to initialize the cs_dsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if cs_dsp was initialized in the bind.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303	Patch
https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1	Patch
https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e	Patch
https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303	Patch
https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1	Patch
https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-07-10 08:15

Updated : 2025-09-17 16:15

NVD link : CVE-2024-39491

Mitre link : CVE-2024-39491

CVE.ORG link : CVE-2024-39491

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2024-39491", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-07-10T08:15:11.287", "references": [{"url": "https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l56: Fix lifetime of cs_dsp instance\n\nThe cs_dsp instance is initialized in the driver probe() so it\nshould be freed in the driver remove(). Also fix a missing call\nto cs_dsp_remove() in the error path of cs35l56_hda_common_probe().\n\nThe call to cs_dsp_remove() was being done in the component unbind\ncallback cs35l56_hda_unbind(). This meant that if the driver was\nunbound and then re-bound it would be using an uninitialized cs_dsp\ninstance.\n\nIt is best to initialize the cs_dsp instance in probe() so that it\ncan return an error if it fails. The component binding API doesn't\nhave any error handling so there's no way to handle a failure if\ncs_dsp was initialized in the bind."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: cs35l56: Correcci\u00f3n de duraci\u00f3n de la instancia cs_dsp La instancia cs_dsp se inicializa en el controlador probe() por lo que debe liberarse en el controlador remove(). Tambi\u00e9n corrija una llamada faltante a cs_dsp_remove() en la ruta de error de cs35l56_hda_common_probe(). La llamada a cs_dsp_remove() se realizaba en la devoluci\u00f3n de llamada de desvinculaci\u00f3n del componente cs35l56_hda_unbind(). Esto significaba que si el controlador no estaba vinculado y luego se volv\u00eda a vincular, estar\u00eda utilizando una instancia cs_dsp no inicializada. Es mejor inicializar la instancia cs_dsp en probe() para que pueda devolver un error si falla. La API de enlace de componentes no tiene ning\u00fan control de errores, por lo que no hay forma de controlar un error si cs_dsp se inicializ\u00f3 en el enlace."}], "lastModified": "2025-09-17T16:15:20.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53BC60D9-65A5-4D8F-96C8-149F09214DBD", "versionEndExcluding": "6.6.33", "versionStartIncluding": "6.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991B9791-966A-4D18-9E8D-A8AB128E5627", "versionEndExcluding": "6.9.4", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}