{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T03:06:06.934","vulnerabilities":[{"cve":{"id":"CVE-2024-56685","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-12-28T10:15:11.593","lastModified":"2025-09-26T20:26:57.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Check num_codecs is not zero to avoid panic during probe\n\nFollowing commit 13f58267cda3 (\"ASoC: soc.h: don't create dummy\nComponent via COMP_DUMMY()\"), COMP_DUMMY() became an array with zero\nlength, and only gets populated with the dummy struct after the card is\nregistered. Since the sound card driver's probe happens before the card\nregistration, accessing any of the members of a dummy component during\nprobe will result in undefined behavior.\n\nThis can be observed in the mt8188 and mt8195 machine sound drivers. By\nomitting a dai link subnode in the sound card's node in the Devicetree,\nthe default uninitialized dummy codec is used, and when its dai_name\npointer gets passed to strcmp() it results in a null pointer dereference\nand a kernel panic.\n\nIn addition to that, set_card_codec_info() in the generic helpers file,\nmtk-soundcard-driver.c, will populate a dai link with a dummy codec when\na dai link node is present in DT but with no codec property.\n\nThe result is that at probe time, a dummy codec can either be\nuninitialized with num_codecs = 0, or be an initialized dummy codec,\nwith num_codecs = 1 and dai_name = \"snd-soc-dummy-dai\". In order to\naccommodate for both situations, check that num_codecs is not zero\nbefore accessing the codecs' fields but still check for the codec's dai\nname against \"snd-soc-dummy-dai\" as needed.\n\nWhile at it, also drop the check that dai_name is not null in the mt8192\ndriver, introduced in commit 4d4e1b6319e5 (\"ASoC: mediatek: mt8192:\nCheck existence of dai_name before dereferencing\"), as it is actually\nredundant given the preceding num_codecs != 0 check."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: comprobar que num_codecs no es cero para evitar el pánico durante el sondeo Después de el commit 13f58267cda3 (\"ASoC: soc.h: no crear un componente ficticio mediante COMP_DUMMY()\"), COMP_DUMMY() se convirtió en una matriz con longitud cero y solo se rellena con la estructura ficticia después de que se registra la tarjeta. Dado que el sondeo del controlador de la tarjeta de sonido ocurre antes del registro de la tarjeta, acceder a cualquiera de los miembros de un componente ficticio durante el sondeo dará como resultado un comportamiento indefinido. Esto se puede observar en los controladores de sonido de las máquinas mt8188 y mt8195. Al omitir un subnodo de enlace dai en el nodo de la tarjeta de sonido en Devicetree, se utiliza el códec ficticio no inicializado predeterminado y, cuando su puntero dai_name se pasa a strcmp(), da como resultado una desreferencia de puntero nulo y un pánico del kernel. Además de eso, set_card_codec_info() en el archivo de ayuda genérico, mtk-soundcard-driver.c, llenará un enlace dai con un códec ficticio cuando un nodo de enlace dai esté presente en DT pero sin ninguna propiedad de códec. El resultado es que en el momento de la prueba, un códec ficticio puede no estar inicializado con num_codecs = 0, o ser un códec ficticio inicializado, con num_codecs = 1 y dai_name = \"snd-soc-dummy-dai\". Para tener en cuenta ambas situaciones, verifique que num_codecs no sea cero antes de acceder a los campos de los códecs, pero aún así verifique el nombre dai del códec contra \"snd-soc-dummy-dai\" según sea necesario. Mientras tanto, también elimine la verificación de que dai_name no sea nulo en el controlador mt8192, introducida en el commit 4d4e1b6319e5 (\"ASoC: mediatek: mt8192: Verificar la existencia de dai_name antes de desreferenciar\"), ya que en realidad es redundante dada la verificación anterior de num_codecs != 0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.11.11","matchCriteriaId":"FF76D5FF-944B-4187-AE80-15327D64BB22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.2","matchCriteriaId":"D8882B1B-2ABC-4838-AC1D-DBDBB5764776"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2f2020327cc8561d7c520d2f2d9acea84fa7b3a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/376f4800f34a28def026ff5c5d4fc5e54e1744ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/550279449ff54c5aa28cfca5c567308cbfb145f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}