Linux Kernel HDA Audio Driver Infinite Loop
CVE-2024-51564 Published on November 12, 2024
A guest can trigger an infinite loop in the hda audio driver.
Vulnerability Analysis
CVE-2024-51564 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Products Associated with CVE-2024-51564
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-51564 are published in these products:
Affected Versions
FreeBSD:- Version 14.1-RELEASE and below p6 is affected.
- Version 13.4-RELEASE and below p2 is affected.
- Version 13.3-RELEASE and below p8 is affected.
- Version 13.3 and below 13.3_p8 is affected.
- Version 13.4 and below 13.4_p2 is affected.
- Version 14.1 and below 14.1_p6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.