CVE-2024-38388

LOW

Linux Kernel 6.0-6.1.92, 6.2-6.6.32, 6.7-6.9.3 - Use-After-Free in ALSA HD Audio DSP Control

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff

Patch

https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2

Patch

https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740

Patch

https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13

Scores

CVSS v3 3.3

EPSS 0.0022

EPSS Percentile 12.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (14)

linux/Kernel 6.0.0 - 6.1.93linux

linux/Kernel 6.2.0 - 6.6.33linux

linux/Kernel 6.7.0 - 6.9.4linux

Linux/Linux < 6.0

Linux/Linux 3233b978af23f11b4ad4f7f11a9a64bd05702b1f - 172811e3a557d8681a5e2d0f871dc04a2d17eb13

Linux/Linux 3233b978af23f11b4ad4f7f11a9a64bd05702b1f - 191dc1b2ff0fb35e7aff15a53224837637df8bff

Linux/Linux 3233b978af23f11b4ad4f7f11a9a64bd05702b1f - 3291486af5636540980ea55bae985f3eaa5b0740

Linux/Linux 3233b978af23f11b4ad4f7f11a9a64bd05702b1f - 6e359be4975006ff72818e79dad8fe48293f2eb2

Linux/Linux 6.0

Linux/Linux 6.1.93 - 6.1.*

... and 4 more

Published Jun 21, 2024

Tracked Since Feb 18, 2026