CVE-2024-58012
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's Sound Open Firmware (SOF) subsystem for Intel HDA audio devices could cause kernel crashes or system instability. This affects Linux systems using SOF audio drivers with aggregated amplifier topologies. Attackers could potentially trigger denial of service conditions.
💻 Affected Systems
- Linux kernel with SOF Intel HDA audio drivers
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical or remote console access to restore functionality.
Likely Case
Audio subsystem crash causing loss of audio functionality, with possible system instability requiring reboot.
If Mitigated
Minor system disruption with audio functionality temporarily unavailable until driver reload or system restart.
🎯 Exploit Status
Requires ability to trigger specific audio parameter operations on affected hardware configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 569922b82ca660f8b24e705f6cf674e6b1f99cc7, 789a2fbf0900982788408d3b0034e0e3f914fb3b, e012a77e4d7632cf615ba9625b1600ed8985c3b5)
Vendor Advisory: https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from distribution repositories.
2. Rebuild kernel if using custom kernel.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable SOF audio driver
Blacklist or disable the affected SOF Intel HDA audio driver module
echo 'blacklist snd-sof-intel-hda' | sudo tee /etc/modprobe.d/sof-blacklist.conf
sudo update-initramfs -u
sudo reboot
Use alternative audio driver
Switch to legacy HDA audio driver instead of SOF driver
echo 'options snd-intel-dspcfg dsp_driver=1' | sudo tee /etc/modprobe.d/intel-audio.conf
sudo update-initramfs -u
sudo reboot
🧯 If You Can't Patch
- Restrict audio device access to trusted users only
- Monitor system logs for kernel panic or audio subsystem crash events
🔍 How to Verify
Check if Vulnerable:
Check if system uses SOF audio drivers: lsmod | grep snd_sof && dmesg | grep -i sof
Check Version:
uname -r
Verify Fix Applied:
Check kernel version includes patched commits or verify audio functionality with aggregated amplifier configurations
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in dmesg
- Audio subsystem crash logs
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR ("sof" AND "crash"))
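
The log indicators above can be correlated more tightly than a keyword match. As an added example (not part of the original advisory), this shell function reports only NULL pointer dereference oopses whose faulting instruction lies in an snd_sof* module; the sample log lines, the symbol example_params_fn and the module example_mod are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin
# (e.g. `dmesg` or `journalctl -k` output) and prints "<module> <symbol>"
# for each NULL-pointer oops whose faulting RIP is inside an snd_sof* module.
sof_null_deref_oopses() {
    awk '
        # Start of an oops report for a NULL pointer dereference.
        /BUG: kernel NULL pointer dereference/ { in_oops = 1; next }

        # First RIP line after the BUG line names the faulting code:
        #   RIP: 0010:symbol+0xOFF/0xLEN [module]
        in_oops && /RIP: [0-9a-f]+:/ {
            if (match($0, /\[snd_sof[a-z0-9_]*\]/)) {
                mod = substr($0, RSTART + 1, RLENGTH - 2)
                sym = $0
                sub(/.*RIP: [0-9a-f]+:/, "", sym)   # drop everything up to the symbol
                sub(/[+ ].*/, "", sym)              # drop offset and module suffix
                print mod " " sym
            }
            in_oops = 0   # later RIP lines in the same report are not the fault site
        }

        # End of the report: reset state in case no RIP line was seen.
        /---\[ end trace/ { in_oops = 0 }
    '
}

# Constructed sample input: one SOF oops, one unrelated oops, and one benign
# line that a plain "sof" AND "crash" keyword match would flag.
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] snd_sof: audio device probe complete
[  245.310112] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  245.310140] RIP: 0010:example_params_fn+0x2a/0x1c0 [snd_sof_intel_hda]
[  245.310201] Call Trace:
[  245.310260] ---[ end trace 0000000000000000 ]---
[  300.500000] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  300.500030] RIP: 0010:other_driver_fn+0x10/0x80 [example_mod]
[  300.500090] ---[ end trace 0000000000000000 ]---
[  310.000000] snd_sof: userspace app crash reported, no kernel fault
EOF
}

sample_kernel_log | sof_null_deref_oopses
```

On a live host, pipe `dmesg` or `journalctl -k` into `sof_null_deref_oopses`; an empty result means no SOF-attributed NULL dereference appears in the retained kernel log.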