SB2024071070 - Improper error handling in Linux kernel pci hda
Published: July 10, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024071070
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper error handling (CVE-ID: CVE-2024-39491)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cs35l56_hda_unbind(), cs35l56_hda_common_probe() and cs35l56_hda_remove() functions in sound/pci/hda/cs35l56_hda.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1
- https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303
- https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33