NULL Pointer Dereference Affecting kernel-cross-headers package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-KERNELCROSSHEADERS-8403884
- published 26 Nov 2024
- disclosed 7 Nov 2024
Introduced: 7 Nov 2024
New CVE-2024-50160 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:8
kernel-cross-headers
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers
package and not the kernel-cross-headers
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs8409: Fix possible NULL dereference
If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line.
Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
- https://access.redhat.com/security/cve/CVE-2024-50160
- https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793
- https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14
- https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c
- https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc
- https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f