CVE-2024-27057

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue occurs when the system is suspended while audio is active, causing the sof ipc4 pcm hw free() function to reset the pipelines. If the firmware crashes during audio playback or when resetting the stream before suspend, the sof ipc4 set multi pipeline state() function will fail with an IPC error, interrupting the state change. This misalignment between the kernel and firmware state can result in errors returned by firmware for IPC messages, eventually failing the audio resume. The kernel state will be corrected on the next DSP boot after the DSP panic.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2026-03500

CVE-2024-27057

ECHO-EA04-B0C8-A655

INFSA-2024_9315

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

Affected Products

Astra Linux

Debian

Linux Kernel

Red Hat

Suse

CVE-2024-27057

Weakness Enumeration

Related Identifiers

Affected Products

References · 2800