CVE-2024-42074
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the Linux kernel's AMD ACP audio driver. When the system resumes from suspend mode, a missing null check could cause a kernel panic if the chip platform device wasn't properly initialized. This affects Linux systems with AMD processors using the affected ACP audio driver.
💻 Affected Systems
- Linux kernel with AMD ACP audio driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.
Likely Case
System crash when resuming from suspend state on affected hardware configurations.
If Mitigated
No impact if the system doesn't use suspend/resume functionality or if the ACP device is properly initialized.
🎯 Exploit Status
Exploitation requires local access to trigger suspend/resume cycle. No privilege escalation or remote code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 98d919dfee1cc402ca29d45da642852d7c9a2301 or b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6
Vendor Advisory: https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable suspend functionality
Prevent the system from entering the suspend state where the vulnerability triggers
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
Blacklist ACP driver
Prevent loading of the vulnerable ACP audio driver
echo 'blacklist snd_acp' >> /etc/modprobe.d/blacklist-acp.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Avoid using system suspend/resume functionality on affected systems
- Implement monitoring for kernel panics and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if ACP module is loaded: 'lsmod | grep snd_acp' and 'uname -r'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version contains fix commits or is newer than vulnerable versions
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- System crash during resume from suspend
Network Indicators:
- Sudden loss of connectivity from system after suspend/resume
SIEM Query:
source="kernel" AND "panic" AND ("snd_acp" OR "ACP")
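The log indicators above as a correlation check over kernel log lines, given as an added example that is not part of the original advisory: it reports a crash only when it occurs inside a suspend cycle and the oops context names the ACP driver, and it matches "ACP" on word boundaries so routine ACPI messages do not count. The function name, the 15-line context window, and the sample log lines (including the symbol and module names in them) are assumptions constructed for illustration.

```python
import re

# Crash signatures printed by the kernel for a NULL dereference or a panic.
CRASH = re.compile(r"BUG: kernel NULL pointer dereference|Kernel panic - not syncing")
# Driver tokens from the page's SIEM query, grouped; \b keeps "ACP" from matching "ACPI".
ACP = re.compile(r"snd_acp|\bacp\b", re.IGNORECASE)
CONTEXT = 15  # assumption: lines of oops output inspected from the crash line on


def find_acp_resume_crashes(lines):
    """Return (line_number, text) for the first crash line in each suspend
    cycle whose oops context mentions the ACP driver."""
    hits, in_cycle = [], False
    for i, line in enumerate(lines):
        if "PM: suspend entry" in line:
            in_cycle = True
        elif "PM: suspend exit" in line:
            in_cycle = False
        elif in_cycle and CRASH.search(line):
            if any(ACP.search(c) for c in lines[i:i + CONTEXT]):
                hits.append((i + 1, line.strip()))
                in_cycle = False  # one report per cycle; later panic lines are the same event
    return hits


# Constructed sample: crash inside a suspend cycle, ACP driver in the oops context.
# The symbol and module names in these lines are illustrative.
SAMPLE_ACP = [
    "[  812.101] PM: suspend entry (deep)",
    "[  812.350] ACPI: PM: Preparing to enter system sleep state S3",
    "[  815.020] BUG: kernel NULL pointer dereference, address: 0000000000000010",
    "[  815.021] RIP: 0010:snd_acp_resume+0x2a/0x90 [snd_acp_pci]",
    "[  815.030] Kernel panic - not syncing: Fatal exception",
]
# Constructed sample: crash in an unrelated driver; only ACPI lines nearby.
SAMPLE_OTHER = [
    "[  100.000] PM: suspend entry (deep)",
    "[  100.200] ACPI: PM: Preparing to enter system sleep state S3",
    "[  103.000] BUG: kernel NULL pointer dereference, address: 0000000000000000",
    "[  103.001] RIP: 0010:example_resume+0x10/0x40 [example_drv]",
]

if __name__ == "__main__":
    for name, sample in (("acp", SAMPLE_ACP), ("other", SAMPLE_OTHER)):
        print(name, find_acp_resume_crashes(sample))
```

Because the host goes down with the crash, the relevant lines normally come from the previous boot's kernel log or from a remote log collector, not from the running dmesg buffer.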
🔗 References
- https://git.kernel.org/stable/c/98d919dfee1cc402ca29d45da642852d7c9a2301
- https://git.kernel.org/stable/c/b0c39ae1cc86afe74aa2f6273ccb514f8d180cf6
- https://git.kernel.org/stable/c/e158ed266fc1adfa456880fb6dabce2e5623843b