Edmund Raile

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the firewire core in the Linux kernel, where an invalid port index is assigned to the parent device. This occurs when extra node devices with three or more ports are connected to the 1394 OHCI controller, potentially leading to a general protection fault due to access to an invalid address. The problem arises from a mistake in the application of helper functions, which are otherwise guaranteed to work correctly by KUnit tests. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The vulnerability is related to an AB/BA deadlock competition for the substream lock in the ALSA firewire-lib module, which can cause a system freeze under ALSA operation. This issue occurred after removing the process context workqueue from `amdtp domain stream pcm pointer()` and `update pcm pointers()` to remove its overhead. The problem arises when using RME Fireface 800 with Linux kernels since version 5.14.0. Technical details about exploitation include: - `snd pcm stream lock irq()` in `snd pcm status64()` - `snd pcm stream lock irqsave()` in `snd pcm period elapsed()` - `tasklet unlock spin wait()` in `tasklet disable in atomic()` in `ohci flush iso completions()` of ohci.c **Recommendations** For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to resolve the issue. As a temporary workaround, consider disabling the `amdtp domain stream pcm pointer()` function until a patch is available. Restrict access to the vulnerable module `amdtp-stream.c` to minimize the risk of exploitation. Avoid using the `snd pcm stream lock irq()` and `snd pcm stream lock irqsave()` functions in `snd pcm status64()` and `snd pcm period elapsed()` until the issue is resolved.