Login Sign Up

CVE-2024-39473

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's Sound Open Firmware (SOF) subsystem allows local attackers to cause a kernel panic or system crash. This affects systems using SOF for audio processing with specifically crafted audio topology configurations. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with SOF (Sound Open Firmware) subsystem enabled
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when SOF subsystem is enabled and used for audio processing. Requires specific audio topology configurations to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service (system crash), potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service through kernel panic when malicious audio topology is loaded.

🟢

If Mitigated

Minimal impact with proper access controls preventing local users from loading custom audio topologies.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could cause system crashes, but requires specific audio topology manipulation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to load specifically crafted audio topology configurations. Not trivial to exploit without understanding SOF audio subsystem.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 9e16f17a2a0e97b43538b272e7071537a3e03368, e3ae00ee238bce6cfa5ad935c921181c14d18fd6, ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8

Vendor Advisory: https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for patched kernel packages. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable SOF subsystem

linux

Disable Sound Open Firmware subsystem if not required for audio functionality

modprobe -r snd_sof
echo 'blacklist snd_sof' >> /etc/modprobe.d/blacklist.conf

Restrict audio topology loading

linux

Implement access controls to prevent unauthorized users from loading custom audio topologies

chmod 644 /sys/class/sound/controlC*/topology
setfacl -m u:root:rw /sys/class/sound/controlC*/topology

🧯 If You Can't Patch

  • Implement strict access controls to prevent local users from loading custom audio topologies
  • Monitor system logs for kernel panic events related to SOF subsystem

🔍 How to Verify

Check if Vulnerable:

Check if SOF subsystem is loaded: lsmod | grep snd_sof. Check kernel version: uname -r and compare with patched versions from your distribution.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Check with: grep -r '9e16f17a2a0e97b43538b272e7071537a3e03368' /usr/src/linux-headers-$(uname -r)/

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • NULL pointer dereference errors mentioning SOF or ipc4-topology

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kern.log" AND "NULL pointer dereference" AND ("SOF" OR "ipc4-topology")

📊 Metadata

CVE ID: CVE-2024-39473
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: July 5, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39473, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)