4.7

CVE-2024-44954

ALSA: line6: Fix racy access to midibuf

In the Linux kernel, the following vulnerability has been resolved:

ALSA: line6: Fix racy access to midibuf

There can be concurrent accesses to line6 midibuf from both the URB
completion callback and the rawmidi API access.  This could be a cause
of KMSAN warning triggered by syzkaller below (so put as reported-by
here).

This patch protects the midibuf call of the former code path with a
spinlock for avoiding the possible races.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.320
LinuxLinux Kernel Version > 4.20 < 5.4.282
LinuxLinux Kernel Version >= 5.5 < 5.10.224
LinuxLinux Kernel Version > 5.11 < 5.15.165
LinuxLinux Kernel Version >= 5.16 < 6.1.105
LinuxLinux Kernel Version >= 6.2 < 6.6.46
LinuxLinux Kernel Version >= 6.7 < 6.10.5
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.066
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1
Patch
https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
Patch
https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
Patch
https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
Patch
https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
Patch
https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
Patch
https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
Patch
https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
Patch
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html