CVE-2024-38388
LOWLinux Kernel - Memory Corruption
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.
References (4)
Scores
CVSS v3
3.3
EPSS
0.0003
EPSS Percentile
9.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Classification
CWE
CWE-401
Status
published
Affected Products (4)
linux/linux_kernel
< 6.1.93
linux/Kernel
< 6.1.93linux
linux/Kernel
< 6.6.33linux
linux/Kernel
< 6.9.4linux
Timeline
Published
Jun 21, 2024
Tracked Since
Feb 18, 2026