VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5zja-98vc-qucg

Essentials
Severities (11)
References (7)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5zja-98vc-qucg
Aliases	CVE-2024-26799
Summary	In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix uninitialized pointer dmactl In the case where __lpass_get_dmactl_handle is called and the driver id dai_id is invalid the pointer dmactl is not being assigned a value, and dmactl contains a garbage value since it has not been initialized and so the null check may not work. Fix this to initialize dmactl to NULL. One could argue that modern compilers will set this to zero, but it is useful to keep this initialized as per the same way in functions __lpass_platform_codec_intf_init and lpass_cdc_dma_daiops_hw_params. Cleans up clang scan build warning: sound/soc/qcom/lpass-cdc-dma.c:275:7: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-822

Untrusted Pointer Dereference

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26799.json
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-26799
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-26799
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2024-26799
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.2	https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee
ssvc	Track	https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee
cvssv3.1	6.2	https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf
ssvc	Track	https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf
cvssv3.1	6.2	https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b
ssvc	Track	https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26799.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-26799
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1382d8b55129875b2e07c4d2a7ebc790183769ee		https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee
2273432		https://bugzilla.redhat.com/show_bug.cgi?id=2273432
99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf		https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf
d5a7726e6ea62d447b79ab5baeb537ea6bdb225b		https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26799.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:07:57Z/ Found at https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:07:57Z/ Found at https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-04T15:07:57Z/ Found at https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b

Exploit Prediction Scoring System (EPSS)

Percentile	0.0481
EPSS Score	0.00018
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:49:58.632837+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0