CVE-2024-43818
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's ASoC AMD driver occurs when acpi_get_first_physical_node() returns NULL, but the code doesn't properly handle this error before passing the NULL pointer to devm_acpi_dev_add_driver_gpios(). This causes a kernel panic or system crash. Affects Linux systems using the affected AMD ASoC driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or kernel panic when the driver encounters specific hardware configurations or ACPI table errors.
If Mitigated
Minor service interruption if systems have proper monitoring and automatic recovery mechanisms.
🎯 Exploit Status
Exploitation requires triggering the specific error condition in acpi_get_first_physical_node(), which depends on hardware/ACPI configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 1ba9856cf7f6492b47c1edf853137f320d583db5, 5080808c3339de2220c602ab7c7fa23dc6c1a5a3, 99b642dac24f6d09ba3ebf1d690be8aefff86164, b1173d64edd276c957b6d09e1f971c85b38f1519
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. For Debian: apt update && apt upgrade linux-image-*. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable AMD ASoC driver
linuxPrevent loading of the vulnerable driver module
echo 'blacklist snd-soc-amd' >> /etc/modprobe.d/blacklist.conf
rmmod snd_soc_amd
🧯 If You Can't Patch
- Ensure proper hardware configuration and ACPI tables to avoid triggering the NULL return condition
- Implement monitoring for kernel panics and automatic recovery mechanisms
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if AMD ASoC driver is loaded: lsmod | grep snd_soc_amd && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is patched and driver loads without issues: dmesg | grep -i amd📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- NULL pointer dereference errors mentioning amd or ASoC
Network Indicators:
- Sudden loss of connectivity from affected system
SIEM Query:
source="kernel" AND ("panic" OR "NULL pointer" OR "dereference") AND ("amd" OR "ASoC")🔗 References
- https://git.kernel.org/stable/c/1ba9856cf7f6492b47c1edf853137f320d583db5
- https://git.kernel.org/stable/c/5080808c3339de2220c602ab7c7fa23dc6c1a5a3
- https://git.kernel.org/stable/c/99b642dac24f6d09ba3ebf1d690be8aefff86164
- https://git.kernel.org/stable/c/b1173d64edd276c957b6d09e1f971c85b38f1519
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
