CVE-2024-38551

MEDIUM

Linux Kernel - NULL Pointer Dereference in MediaTek Sound Card Drivers

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Assign dummy when codec not specified for a DAI link MediaTek sound card drivers are checking whether a DAI link is present and used on a board to assign the correct parameters and this is done by checking the codec DAI names at probe time. If no real codec is present, assign the dummy codec to the DAI link to avoid NULL pointer during string comparison.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158

Patch

https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226

Patch

https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9

Patch

https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 6.3.0 - 6.6.33linux

linux/Kernel 6.7.0 - 6.8.12linux

linux/Kernel 6.9.0 - 6.9.3linux

Linux/Linux < 6.3

Linux/Linux 4302187d955f166c03b4fa7c993b89ffbabfca4e - 0c052b1c11d8119f3048b1f7b3c39a90500cacf9

Linux/Linux 4302187d955f166c03b4fa7c993b89ffbabfca4e - 5f39231888c63f0a7708abc86b51b847476379d8

Linux/Linux 4302187d955f166c03b4fa7c993b89ffbabfca4e - 87b8dca6e06f9b1681bc52bf7bfa85c663a11158

Linux/Linux 4302187d955f166c03b4fa7c993b89ffbabfca4e - cbbcabc7f0979f6542372cf88d7a9da7143a4226

Linux/Linux 6.10

Linux/Linux 6.3

... and 4 more

Published Jun 19, 2024

Tracked Since Feb 18, 2026