mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
20 lines
2.1 KiB
Markdown
20 lines
2.1 KiB
Markdown
|
### [CVE-2024-46849](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46849)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
In the Linux kernel, the following vulnerability has been resolved:ASoC: meson: axg-card: fix 'use-after-free'Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',so move 'pad' pointer initialization after this function when memory isalready reallocated.Kasan bug report:==================================================================BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bcRead of size 8 at addr ffff000000e8b260 by task modprobe/356CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
No PoCs from references.
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/w4zu/Debian_security
|
||
|
|
|