CVE-2024-46793
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's ASoC (Audio System on Chip) subsystem for Intel BYT/CHT boards. The vulnerability occurs when the kernel attempts to access memory through a zero-sized dummy codec array, potentially causing kernel crashes or system instability. This affects Linux systems using Intel Bay Trail (BYT) or Cherry Trail (CHT) processors with specific audio configurations.
💻 Affected Systems
- Linux kernel with ASoC Intel BYT/CHT board support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.
Likely Case
System crash or kernel panic when specific audio configurations are loaded, resulting in denial of service.
If Mitigated
No impact if the vulnerable audio configuration is not used or if the system is patched.
🎯 Exploit Status
Exploitation requires specific hardware configuration and triggering the vulnerable audio subsystem code path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits 0cc65482f5b03ac2b1c240bc34665e43ea2d71bb and 85cda5b040bda9c577b34eb72d5b2e5b7e31985c
Vendor Advisory: https://git.kernel.org/stable/c/0cc65482f5b03ac2b1c240bc34665e43ea2d71bb
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fixes 2. Reboot system 3. Verify kernel version after reboot
🔧 Temporary Workarounds
Disable vulnerable audio configuration
linuxAvoid using Intel BYT/CHT audio configurations with dummy codec declarations
echo 'blacklist snd_soc_sst_bytcr_wm5102' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Avoid using Intel BYT/CHT audio configurations that trigger the vulnerable code path
- Implement system monitoring for kernel crashes related to audio subsystem
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if using Intel BYT/CHT processors with affected audio configurationsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits 0cc65482f5b03ac2b1c240bc34665e43ea2d71bb or 85cda5b040bda9c577b34eb72d5b2e5b7e31985c📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- BUG: unable to handle page fault
- Call traces involving snd_soc_sst_bytcr_wm5102
Network Indicators:
- None - local kernel vulnerability
SIEM Query:
source="kernel" AND ("BUG: unable to handle page fault" OR "snd_soc_sst_bytcr_wm5102")