NULL Pointer Dereference Affecting cluster-md-kmp-default package, versions <6.4.0-150600.23.14.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-CLUSTERMDKMPDEFAULT-7549635
- published 23 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2023-52806 Open this link in a new tabHow to fix?
Upgrade SLES:15.6 cluster-md-kmp-default to version 6.4.0-150600.23.14.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream cluster-md-kmp-default package and not the cluster-md-kmp-default package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref.
References
- https://www.suse.com/security/cve/CVE-2023-52806.html
- https://bugzilla.suse.com/1225554
- https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250
- https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7
- https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4
- https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd
- https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e
- https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323
- https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b
- https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236
- https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0