5.5

CVE-2024-57805

ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP

The linkDMA should not be released on stop trigger since a stream re-start
might happen without closing of the stream. This leaves a short time for
other streams to 'steal' the linkDMA since it has been released.

This issue is not easy to reproduce under normal conditions as usually
after stop the stream is closed, or the same stream is restarted, but if
another stream got in between the stop and start, like this:
aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120
CTRL+z
aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120

then the link DMA channels will be mixed up, resulting firmware error or
crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.11.6 < 6.12
LinuxLinux Kernel Version >= 6.12.1 < 6.12.8
LinuxLinux Kernel Version6.12 Update-
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
LinuxLinux Kernel Version6.12 Updaterc7
LinuxLinux Kernel Version6.13 Updaterc1
LinuxLinux Kernel Version6.13 Updaterc2
LinuxLinux Kernel Version6.13 Updaterc3
LinuxLinux Kernel Version6.13 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.068
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/909ecf15cb70f78cdb5c930f58df01db039a0ff8
Patch
https://git.kernel.org/stable/c/e8d0ba147d901022bcb69da8d8fd817f84e9f3ca
Patch