CVE-2024-35842

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's MediaTek ASoC (ALSA System on Chip) subsystem could cause kernel panics when accessing uninitialized 'normal_link' strings in sof_conn_stream structures. This affects Linux systems with MediaTek SoCs that use SOF (Sound Open Firmware) audio paths, particularly MT8188 and similar chips. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with MediaTek ASoC SOF support
Versions: Linux kernel versions before the fixes in the stable trees (fix commits are listed under Official Fix)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek SoCs using SOF audio paths, particularly MT8188 and future drivers with similar configurations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker triggers kernel panic leading to denial of service (system crash), potentially causing data loss or service disruption.

🟠

Likely Case

Accidental triggering by legitimate audio operations causing system instability or crashes in affected configurations.

🟢

If Mitigated

Minor system instability with no privilege escalation or data compromise.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes could trigger system crashes affecting availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to trigger through audio subsystem operations. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable commits: b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd, cad471227a37c0c7c080bfc9ed01b53750e82afe, cde6ca5872bf67744dffa875a7cb521ab007b7ef, e3b3ec967a7d93b9010a5af9a2394c8b5c8f31ed

Vendor Advisory: https://git.kernel.org/stable/c/b1d3db6740d0997ffc6e5a0d96ef7cbd62b35fdd

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

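Disable affected audio drivers

Platform: Linux

Blacklist or disable the MediaTek ASoC SOF drivers if audio is not needed. Run the commands as root. The blacklist entry must match the name of the module actually loaded on the system (confirm with lsmod), and blacklisting has no effect on drivers built into the kernel image. update-initramfs applies to Debian/Ubuntu-style systems; use the distribution's own initramfs tool elsewhere.

echo 'blacklist snd-soc-mt8188' > /etc/modprobe.d/disable-mtk-audio.conf
update-initramfs -u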

🧯 If You Can't Patch

  • Restrict local user access to systems with affected MediaTek hardware
  • Monitor system logs for kernel panic events related to audio subsystem

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether MediaTek ASoC SOF drivers are loaded: 'uname -r' and 'lsmod | grep snd_soc_mtk' (lsmod prints module names with underscores, so a hyphenated pattern never matches)

Check Version:

uname -r

Verify Fix Applied:

Confirm the running kernel includes the fix commits: run 'uname -r', then check that kernel package's changelog for the commit hashes listed under Official Fix

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • NULL pointer dereference errors mentioning 'normal_link' or 'sof_conn_stream'

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic") AND ("normal_link" OR "sof_conn_stream" OR "ASoC" OR "MediaTek")
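
The query above expects both term groups in a single event, but a kernel oops is written as many separate log lines. As an added example (not part of the original advisory), this script correlates a crash header with the audio terms in the lines that follow it; the log lines and the symbol names in them are constructed, and the 30-line window is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory. Terms come from the SIEM query above,
# lowercased so matching is case-insensitive.
HEADER_RE='null pointer dereference|kernel panic'
AUDIO_RE='normal_link|sof_conn_stream|asoc|mediatek'

# Naive form of the query: both groups must appear on the same log line.
per_line_query() {
    awk -v h="$HEADER_RE" -v a="$AUDIO_RE" '
        { l = tolower($0); if (l ~ h && l ~ a) print }'
}

# Correlated form: after a crash header, search that line and the ones after
# it ($1 lines in total, default 30) for an audio term; print the header once.
scan_audio_oops() {
    awk -v h="$HEADER_RE" -v a="$AUDIO_RE" -v window="${1:-30}" '
        {
            l = tolower($0)
            if (l ~ h) { header = $0; left = window }  # a crash report starts
            if (left > 0) {
                if (l ~ a) { print header; left = 0 }  # report, close window
                else left--
            }
        }'
}

# Constructed kernel log: a benign ASoC message, an audio-related oops, and
# an unrelated oops. The symbol names are placeholders, not real functions.
sample_log() {
    cat <<'EOF'
[   10.000000] sound-card: ASoC: constructed benign probe message
[  101.000001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[  101.000050] Mem abort info:
[  101.000900] Call trace:
[  101.000950]  example_mediatek_asoc_fixup+0x40/0x120
[  101.002000] Kernel panic - not syncing: Oops: Fatal exception
[  500.000001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  500.000900] Call trace:
[  500.000950]  example_net_rx+0x10/0x80
EOF
}

# Stand-alone run: prints the header of the audio-related crash only.
sample_log | scan_audio_oops
```

On a live system, feed it the kernel log instead of the sample, for example the output of dmesg.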
