What is CVE-2024-39491?

CVE-2024-39491 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-39491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-39491?

CVE-2024-39491 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-39491?

No patch is currently available for CVE-2024-39491. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-39491 actively exploited?

CVE-2024-39491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-39491

Medium

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to cs_dsp_remove() in the error path of cs35l56_hda_common_probe(). The call to cs_dsp_remove() was being done in the component unbind callback cs35l56_hda_unbind(). This meant that if the driver was unbound and then re-bound it would be using an uninitialized cs_dsp instance. It is best to initialize the cs_dsp instance in probe() so that it can return an error if it fails. The component binding API doesn't have any error handling so there's no way to handle a failure if cs_dsp was initialized in the bind.

Package Linux Kernel

Published 2024-07-10

Last modified 2025-09-17

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2024-39491 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2024-39491 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/60d5e087e5f334475b032ad7e6ad849fb998f303
Patch
Kernel patch commit
https://git.kernel.org/stable/c/9054c474f9c219e58a441e401c0e6e38fe713ff1
Patch
Kernel patch commit
https://git.kernel.org/stable/c/d344873c4cbde249b7152d36a273bcc45864001e
Patch

Details

CVE ID CVE-2024-39491

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-07-10

Modified 2025-09-17

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-39491?

CVE-2024-39491 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-39491 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-39491?

CVE-2024-39491 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-39491?

No patch is currently available for CVE-2024-39491. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-39491 actively exploited?

No — CVE-2024-39491 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.