Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2024-58077
critical Nessus Plugin ID 232264
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 (ASoC: lower no backend DAIs enabled for ... Port log severity) ignores -EINVAL error message on common soc_pcm_ret(). It is used from many functions, ignoring
-EINVAL is over-kill. The reason why -EINVAL was ignored was it really should only be used upon invalid parameters coming from userspace and in that case we don't want to log an error since we do not want to give userspace a way to do a denial-of-service attack on the syslog / diskspace. So don't use soc_pcm_ret() on .prepare callback is better idea. (CVE-2024-58077)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.Plugin Details
Severity: Critical
ID: 232264
File Name: unpatched_CVE_2024_58077.nasl
Version: 1.1
Type: local
Agent: unix
Family: Misc.
Published: 3/6/2025
Updated: 3/6/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2024-58077
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 3/6/2025
Reference Information
CVE: CVE-2024-58077