{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-38605","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-18T19:36:34.934Z","datePublished":"2024-06-19T13:48:15.769Z","dateUpdated":"2025-05-04T09:15:07.886Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:15:07.886Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix NULL module pointer assignment at card init\n\nThe commit 81033c6b584b (\"ALSA: core: Warn on empty module\")\nintroduced a WARN_ON() for a NULL module pointer passed at snd_card\nobject creation, and it also wraps the code around it with '#ifdef\nMODULE'.  This works in most cases, but the devils are always in\ndetails.  \"MODULE\" is defined when the target code (i.e. the sound\ncore) is built as a module; but this doesn't mean that the caller is\nalso built-in or not.  Namely, when only the sound core is built-in\n(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m),\nthe passed module pointer is ignored even if it's non-NULL, and\ncard->module remains as NULL.  This would result in the missing module\nreference up/down at the device open/close, leading to a race with the\ncode execution after the module removal.\n\nFor addressing the bug, move the assignment of card->module again out\nof ifdef.  The WARN_ON() is still wrapped with ifdef because the\nmodule can be really NULL when all sound drivers are built-in.\n\nNote that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would\nlead to a false-positive NULL module check.  Admittedly it won't catch\nperfectly, i.e. no check is performed when CONFIG_SND=y.  But, it's no\nreal problem as it's only for debugging, and the condition is pretty\nrare."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/core/init.c"],"versions":[{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"d7ff29a429b56f04783152ad7bbd7233b740e434","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"e7e0ca200772bdb2fdc6d43d32d341e87a36f811","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"e007476725730c1a68387b54b7629486d8a8301e","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"c935e72139e6d523defd60fe875c01eb1f9ea5c5","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"6b8374ee2cabcf034faa34e69a855dc496a9ec12","status":"affected","versionType":"git"},{"version":"81033c6b584b44514cbb16fffc26ca29a0fa6270","lessThan":"39381fe7394e5eafac76e7e9367e7351138a29c1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/core/init.c"],"versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","status":"unaffected","versionType":"semver"},{"version":"5.10.219","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.93","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.33","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.12","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9.3","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"5.10.219"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.1.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.6.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.9.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434"},{"url":"https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811"},{"url":"https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e"},{"url":"https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92"},{"url":"https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5"},{"url":"https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12"},{"url":"https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1"}],"title":"ALSA: core: Fix NULL module pointer assignment at card init","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"d7ff29a429b5","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"e7e0ca200772","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"e00747672573","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"e644036a3e2b","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"c935e72139e6","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"6b8374ee2cab","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"81033c6b584b","status":"affected","lessThan":"39381fe7394e","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.9","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"5.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.10.219","status":"unaffected","lessThanOrEqual":"5.11","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.15.161","status":"unaffected","lessThanOrEqual":"5.16","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.1.93","status":"unaffected","lessThanOrEqual":"6.2","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6.33","status":"unaffected","lessThanOrEqual":"6.7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.8.12","status":"unaffected","lessThanOrEqual":"6.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.9.3","status":"unaffected","lessThanOrEqual":"6.7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.10-rc1","status":"unaffected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-27T17:45:58.997847Z","id":"CVE-2024-38605","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-27T18:08:30.086Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:12:25.960Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e7351138a29c1","tags":["x_transferred"]}]}]}}