CVE-2024-46849 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc7::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86
https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d
https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607
https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22
https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037
https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29
https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a
https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-46849
https://www.cve.org/CVERecord?id=CVE-2024-46849

History

Fri, 08 Nov 2024 16:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22

Thu, 17 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a

Wed, 02 Oct 2024 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-416
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc7::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Sun, 29 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 28 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-46849 https://www.cve.org/CVERecord?id=CVE-2024-46849
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 27 Sep 2024 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194
Title		ASoC: meson: axg-card: fix 'use-after-free'
References		https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86 https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607 https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037 https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-27T12:42:43.316Z

Updated: 2025-05-04T09:35:53.431Z

Reserved: 2024-09-11T15:12:18.290Z

Link: CVE-2024-46849

Vulnrichment

Updated: 2024-09-29T13:58:43.363Z

NVD

Status : Modified

Published: 2024-09-27T13:15:16.723

Modified: 2024-11-08T16:15:23.603

Link: CVE-2024-46849

Redhat

Severity : Moderate

Publid Date: 2024-09-27T00:00:00Z

Links: CVE-2024-46849 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46849", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.290Z", "datePublished": "2024-09-27T12:42:43.316Z", "dateUpdated": "2025-05-04T09:35:53.431Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:35:53.431Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/meson/axg-card.c"], "versions": [{"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "a33145f494e6cb82f3e018662cc7c4febf271f22", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "5a2cc2bb81399e9ebc72560541137eb04d61dc3d", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "fb0530025d502cb79d2b2801b14a9d5261833f1a", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "e1a199ec31617242e1a0ea8f312341e682d0c037", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "e43364f578cdc2f8083abbc0cb743ea55e827c29", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "7d318166bf55e9029d56997c3b134f4ac2ae2607", "status": "affected", "versionType": "git"}, {"version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "4f9a71435953f941969a4f017e2357db62d85a86", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/meson/axg-card.c"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.285", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.111", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.52", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.11", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.4.285"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.10.227"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "5.15.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.1.111"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.6.52"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.10.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22"}, {"url": "https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d"}, {"url": "https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a"}, {"url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037"}, {"url": "https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29"}, {"url": "https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607"}, {"url": "https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86"}], "title": "ASoC: meson: axg-card: fix 'use-after-free'", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T13:58:41.870222Z", "id": "CVE-2024-46849", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T13:58:47.013Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T13:58:41.870222Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T13:58:43.363Z"}}], "cna": {"title": "ASoC: meson: axg-card: fix 'use-after-free'", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "a33145f494e6cb82f3e018662cc7c4febf271f22", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "5a2cc2bb81399e9ebc72560541137eb04d61dc3d", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "fb0530025d502cb79d2b2801b14a9d5261833f1a", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "e1a199ec31617242e1a0ea8f312341e682d0c037", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "e43364f578cdc2f8083abbc0cb743ea55e827c29", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "7d318166bf55e9029d56997c3b134f4ac2ae2607", "versionType": "git"}, {"status": "affected", "version": "7864a79f37b55769b817d5e6c5ae0ca4bfdba93b", "lessThan": "4f9a71435953f941969a4f017e2357db62d85a86", "versionType": "git"}], "programFiles": ["sound/soc/meson/axg-card.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.19"}, {"status": "unaffected", "version": "0", "lessThan": "4.19", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.285", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.111", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.52", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.11", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/meson/axg-card.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22"}, {"url": "https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d"}, {"url": "https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a"}, {"url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037"}, {"url": "https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29"}, {"url": "https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607"}, {"url": "https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.285", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.227", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.168", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.111", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.52", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.11", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "4.19"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:35:53.431Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46849", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:35:53.431Z", "dateReserved": "2024-09-11T15:12:18.290Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-27T12:42:43.316Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C9A750A-3F42-46E2-BCB0-A2C65765F885", "versionEndExcluding": "6.1.111", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02ADDA94-95BB-484D-8E95-63C0428A28E3", "versionEndExcluding": "6.6.52", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5DB5367-F1F5-4200-B3B3-FDF8AFC3D255", "versionEndExcluding": "6.10.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: meson: axg-card: fix 'use-after-free'\n\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\n\nKasan bug report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\n\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\n dump_backtrace+0x94/0xec\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x90\n print_report+0xfc/0x5c0\n kasan_report+0xb8/0xfc\n __asan_load8+0x9c/0xb8\n axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\n meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\n platform_probe+0x8c/0xf4\n really_probe+0x110/0x39c\n __driver_probe_device+0xb8/0x18c\n driver_probe_device+0x108/0x1d8\n __driver_attach+0xd0/0x25c\n bus_for_each_dev+0xe0/0x154\n driver_attach+0x34/0x44\n bus_add_driver+0x134/0x294\n driver_register+0xa8/0x1e8\n __platform_driver_register+0x44/0x54\n axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\n do_one_initcall+0xdc/0x25c\n do_init_module+0x10c/0x334\n load_module+0x24c4/0x26cc\n init_module_from_file+0xd4/0x128\n __arm64_sys_finit_module+0x1f4/0x41c\n invoke_syscall+0x60/0x188\n el0_svc_common.constprop.0+0x78/0x13c\n do_el0_svc+0x30/0x40\n el0_svc+0x38/0x78\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: meson: axg-card: se corrige el problema 'use-after-free'. El b\u00fafer 'card->dai_link' se reasigna en 'meson_card_reallocate_links()', por lo que se mueve la inicializaci\u00f3n del puntero 'pad' despu\u00e9s de esta funci\u00f3n cuando la memoria ya est\u00e1 reasignada. Informe de error de Kasan: ===================================================================== ERROR: KASAN: slab-use-after-free en axg_card_add_link+0x76c/0x9bc Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff000000e8b260 por la tarea modprobe/356 CPU: 0 PID: 356 Comm: modprobe Contaminado: GO 6.9.12-sdkernel #1 Rastreo de llamadas: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 registro_controlador+0xa8/0x1e8 __registro_controlador_plataforma+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] hacer_una_llamada_inicio+0xdc/0x25c hacer_m\u00f3dulo_inicio+0x10c/0x334 cargar_m\u00f3dulo+0x24c4/0x26cc m\u00f3dulo_inicio_desde_archivo+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invocar_llamada_al_sistema+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c hacer_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194"}], "id": "CVE-2024-46849", "lastModified": "2024-11-08T16:15:23.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-27T13:15:16.723", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f9a71435953f941969a4f017e2357db62d85a86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5a2cc2bb81399e9ebc72560541137eb04d61dc3d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d318166bf55e9029d56997c3b134f4ac2ae2607"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e43364f578cdc2f8083abbc0cb743ea55e827c29"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fb0530025d502cb79d2b2801b14a9d5261833f1a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: meson: axg-card: fix 'use-after-free'", "id": "2315201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315201"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: meson: axg-card: fix 'use-after-free'\nBuffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',\nso move 'pad' pointer initialization after this function when memory is\nalready reallocated.\nKasan bug report:\n==================================================================\nBUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc\nRead of size 8 at addr ffff000000e8b260 by task modprobe/356\nCPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1\nCall trace:\ndump_backtrace+0x94/0xec\nshow_stack+0x18/0x24\ndump_stack_lvl+0x78/0x90\nprint_report+0xfc/0x5c0\nkasan_report+0xb8/0xfc\n__asan_load8+0x9c/0xb8\naxg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card]\nmeson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils]\nplatform_probe+0x8c/0xf4\nreally_probe+0x110/0x39c\n__driver_probe_device+0xb8/0x18c\ndriver_probe_device+0x108/0x1d8\n__driver_attach+0xd0/0x25c\nbus_for_each_dev+0xe0/0x154\ndriver_attach+0x34/0x44\nbus_add_driver+0x134/0x294\ndriver_register+0xa8/0x1e8\n__platform_driver_register+0x44/0x54\naxg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card]\ndo_one_initcall+0xdc/0x25c\ndo_init_module+0x10c/0x334\nload_module+0x24c4/0x26cc\ninit_module_from_file+0xd4/0x128\n__arm64_sys_finit_module+0x1f4/0x41c\ninvoke_syscall+0x60/0x188\nel0_svc_common.constprop.0+0x78/0x13c\ndo_el0_svc+0x30/0x40\nel0_svc+0x38/0x78\nel0t_64_sync_handler+0x100/0x12c\nel0t_64_sync+0x190/0x194"], "name": "CVE-2024-46849", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46849\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46849\nhttps://lore.kernel.org/linux-cve-announce/2024092741-CVE-2024-46849-93c5@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object