Vulnerabilities > CVE-2024-50011 - Infinite Loop vulnerability in Linux Kernel

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

linux

CWE-835

NVD

Published: 2024-10-21

Updated: 2024-11-01

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel 6.12 Linux Linux Kernel 6.11 Linux Linux Kernel 6.11.1 Linux Linux Kernel 6.11.2	12

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://git.kernel.org/stable/c/aa3109ee91fe09e696274e6ac44813df8d13678f
https://git.kernel.org/stable/c/5afc29ba44fdd1bcbad4e07246c395d946301580