cve 2024 42074

CVE-2024-42074 is a Linux kernel vulnerability affecting the AMD ASoC audio subsystem, specifically a null-pointer dereference in the snd_acp_resume() function. Microsoft's advisory confirms that Azure Linux includes the affected open-source library and is potentially impacted, but this is an inventory attestation rather than a guarantee that no other Microsoft products contain the same vulnerable code. The fix involves adding a null check for the chip_pdev pointer to prevent crashes when an ACP platform device is skipped during probe. This vulnerability was addressed upstream in kernel stable trees and is tracked in public vulnerability databases.