1. Home
  2. CVE Database
  3. CVE-2024-38388
LOW · 3.3

CVE-2024-38388

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block...

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
LinuxLinux Kernel>= 6.0, < 6.1.93

Related Weaknesses (CWE)

CWE-401

References

FAQ

What is CVE-2024-38388?

CVE-2024-38388 is a vulnerability with a CVSS score of 3.3 (LOW). In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block...

How severe is CVE-2024-38388?

CVE-2024-38388 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38388?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.