fkie_cve-2024-56533
Vulnerability from fkie_nvd
Published
2024-12-27 14:15
Modified
2024-12-27 14:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/24fe9f7ca83ec9acf765339054951f5cd9ae5c5d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7bd8838c0ea886679a32834fdcacab296d072fbe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/befcca1777525e37c659b4129d8ac7463b07ef67
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dafb28f02be407e07a6f679e922a626592b481b0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e07605d855c4104d981653146a330ea48f6266ed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e869642a77a9b3b98b0ab2c8fec7af4385140909
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ffbfc6c4330fc233698529656798bee44fea96f5
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: Use snd_card_free_when_closed() at disconnection\n\nThe USB disconnect callback is supposed to be short and not too-long\nwaiting.  OTOH, the current code uses snd_card_free() at\ndisconnection, but this waits for the close of all used fds, hence it\ncan take long.  It eventually blocks the upper layer USB ioctls, which\nmay trigger a soft lockup.\n\nAn easy workaround is to replace snd_card_free() with\nsnd_card_free_when_closed().  This variant returns immediately while\nthe release of resources is done asynchronously by the card device\nrelease at the last close.",
      },
      {
         lang: "es",
         value: "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usx2y: Usar snd_card_free_when_closed() en la desconexión Se supone que la devolución de llamada de desconexión USB es corta y no requiere una espera demasiado larga. Por otro lado, el código actual usa snd_card_free() en la desconexión, pero esto espera el cierre de todos los fds usados, por lo tanto, puede tomar mucho tiempo. Eventualmente bloquea los ioctl USB de la capa superior, lo que puede desencadenar un bloqueo suave. Una solución fácil es reemplazar snd_card_free() con snd_card_free_when_closed(). Esta variante regresa inmediatamente mientras que la liberación de recursos se realiza de forma asincrónica por la liberación del dispositivo de la tarjeta en el último cierre.",
      },
   ],
   id: "CVE-2024-56533",
   lastModified: "2024-12-27T14:15:32.800",
   metrics: {},
   published: "2024-12-27T14:15:32.800",
   references: [
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/24fe9f7ca83ec9acf765339054951f5cd9ae5c5d",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/7bd8838c0ea886679a32834fdcacab296d072fbe",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/befcca1777525e37c659b4129d8ac7463b07ef67",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/dafb28f02be407e07a6f679e922a626592b481b0",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/e07605d855c4104d981653146a330ea48f6266ed",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/e869642a77a9b3b98b0ab2c8fec7af4385140909",
      },
      {
         source: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
         url: "https://git.kernel.org/stable/c/ffbfc6c4330fc233698529656798bee44fea96f5",
      },
   ],
   sourceIdentifier: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
   vulnStatus: "Awaiting Analysis",
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.