CVE-2024-43896

MEDIUM

Linux Kernel 6.9-6.10.4 - NULL Pointer Dereference in ASoC CS-AMP Library

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Call efi_rt_services_supported() to check that efi.get_variable exists before calling it.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/5b6baaa7cbd77ff980516bad38bbc5a648bb5158

Patch

https://git.kernel.org/stable/c/dc268085e499666b9f4f0fcb4c5a94e1c0b193b3

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 9.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (9)

linux/Kernel 6.9.0 - 6.10.5linux

Linux/Linux < 6.9

Linux/Linux 1cad8725f2b98965ed3658bc917090b30adb14fa - 5b6baaa7cbd77ff980516bad38bbc5a648bb5158

Linux/Linux 1cad8725f2b98965ed3658bc917090b30adb14fa - dc268085e499666b9f4f0fcb4c5a94e1c0b193b3

Linux/Linux 6.10.5 - 6.10.*

Linux/Linux 6.11

Linux/Linux 6.9

linux/linux_kernel 6.11 rc1 (2 CPE variants)

linux/linux_kernel 6.9 - 6.10.5

Published Aug 26, 2024

Tracked Since Feb 18, 2026