{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42278", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.261Z", "datePublished": "2024-08-17T09:08:46.120Z", "dateUpdated": "2025-05-04T12:57:55.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:55.123Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/tas2781-fmwlib.c"], "versions": [{"version": "57847c2ec5fb5e951fe9028f9e587e3e878d9129", "lessThan": "6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06", "status": "affected", "versionType": "git"}, {"version": "b195acf5266d2dee4067f89345c3e6b88d925311", "lessThan": "51be301d29d674ff328dfcf23705851f326f35b3", "status": "affected", "versionType": "git"}, {"version": "b195acf5266d2dee4067f89345c3e6b88d925311", "lessThan": "92c78222168e9035a9bfb8841c2e56ce23e51f73", "status": "affected", "versionType": "git"}, {"version": "ddcf2bb619e3955f0e372d4bd8558758fd56303f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/tas2781-fmwlib.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.33", "versionEndExcluding": "6.6.44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.10.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06"}, {"url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3"}, {"url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73"}], "title": "ASoC: TAS2781: Fix tasdev_load_calibrated_data()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:46.015448Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:31.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:11:46.015448Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.821Z"}}], "cna": {"title": "ASoC: TAS2781: Fix tasdev_load_calibrated_data()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "57847c2ec5fb5e951fe9028f9e587e3e878d9129", "lessThan": "6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06", "versionType": "git"}, {"status": "affected", "version": "b195acf5266d2dee4067f89345c3e6b88d925311", "lessThan": "51be301d29d674ff328dfcf23705851f326f35b3", "versionType": "git"}, {"status": "affected", "version": "b195acf5266d2dee4067f89345c3e6b88d925311", "lessThan": "92c78222168e9035a9bfb8841c2e56ce23e51f73", "versionType": "git"}, {"status": "affected", "version": "ddcf2bb619e3955f0e372d4bd8558758fd56303f", "versionType": "git"}], "programFiles": ["sound/soc/codecs/tas2781-fmwlib.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.10"}, {"status": "unaffected", "version": "0", "lessThan": "6.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/codecs/tas2781-fmwlib.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06"}, {"url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3"}, {"url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.6.33"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "6.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.9.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:57:55.123Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42278", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:57:55.123Z", "dateReserved": "2024-07-30T07:40:12.261Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:08:46.120Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "720C4410-E38F-4060-A8CD-338FBB4CF4B6", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.6.33", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD9A837-E824-444A-8442-914E09BE6199", "versionEndExcluding": "6.10", "versionStartIncluding": "6.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21DC7A88-E88C-4C44-9AFB-CBB30134097C", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\n\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ASoC: TAS2781: Fix tasdev_load_calibrated_data() Esta funci\u00f3n tiene una declaraci\u00f3n if invertida, por lo que no funciona o conduce a una desreferencia NULL."}], "id": "CVE-2024-42278", "lastModified": "2024-09-30T12:53:36.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-08-17T09:15:08.813", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/51be301d29d674ff328dfcf23705851f326f35b3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6d98741dbd1309a6f2d7cffbb10a8f036ec3ca06"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92c78222168e9035a9bfb8841c2e56ce23e51f73"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: ASoC: TAS2781: Fix tasdev_load_calibrated_data()", "id": "2305423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305423"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: TAS2781: Fix tasdev_load_calibrated_data()\nThis function has a reversed if statement so it's either a no-op or it\nleads to a NULL dereference.", "In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data(). This function has a reversed if statement resulting in a no-op or leading to a NULL dereference."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42278", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42278\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42278\nhttps://lore.kernel.org/linux-cve-announce/2024081742-CVE-2024-42278-e639@gregkh/T"], "statement": "Red Hat Enterprise Linux 6, 7, and 8 is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate"}