PT-2024-29825 · Linux+5 · Linux Kernel+5
Edmund Raile · Published 2024-07-31 · Updated 2025-02-03 · CVE-2024-42274
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
The vulnerability is related to an AB/BA deadlock competition for the substream lock in the ALSA firewire-lib module, which can cause a system freeze under ALSA operation. This issue occurred after removing the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. The problem arises when using RME Fireface 800 with Linux kernels since version 5.14.0.
Technical details about exploitation include:
- snd_pcm_stream_lock_irq() in snd_pcm_status64()
- snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed()
- tasklet_unlock_spin_wait() in tasklet_disable_in_atomic() in ohci_flush_iso_completions() of ohci.c
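The lock-order inversion described above, as an added example (not code from this advisory or from the kernel): a small checker that records which resource each context waits for while holding another and reports an AB/BA pair. The enum labels, the assignment of the listed call sites to a process path and a tasklet path, and the deferred (workqueue) form are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Waitable resources named in the description; the enum labels are this example's own. */
enum { SUBSTREAM_LOCK, OHCI_TASKLET, NRES };
/* order[a][b] == 1: some context waited for b while already holding a */
static int order[NRES][NRES];

/* Record one context's acquisition sequence as held -> wanted edges. */
static void record(const int *seq, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            order[seq[i]][seq[j]] = 1;
}

/* 1 if any pair is taken as A->B in one context and B->A in another. */
static int has_abba(void)
{
    for (int a = 0; a < NRES; a++)
        for (int b = a + 1; b < NRES; b++)
            if (order[a][b] && order[b][a])
                return 1;
    return 0;
}

/* Model both call paths; direct_call != 0 means no workqueue in between. */
static int check(int direct_call)
{
    /* snd_pcm_status64(): holds the substream lock, then the flush waits on the tasklet */
    const int status_path[] = { SUBSTREAM_LOCK, OHCI_TASKLET };
    /* tasklet calling snd_pcm_period_elapsed() itself: wants the substream lock */
    const int tasklet_direct[] = { OHCI_TASKLET, SUBSTREAM_LOCK };
    /* assumed deferred form: tasklet only queues work; the work item takes the lock alone */
    const int work_item[] = { SUBSTREAM_LOCK };
    memset(order, 0, sizeof(order));
    record(status_path, 2);
    if (direct_call)
        record(tasklet_direct, 2);
    else
        record(work_item, 1);
    return has_abba();
}

int main(void)
{
    printf("direct call:   %s\n", check(1) ? "AB/BA inversion" : "consistent order");
    printf("deferred call: %s\n", check(0) ? "AB/BA inversion" : "consistent order");
    return 0;
}
```

On a running kernel the same class of inversion is what lockdep (CONFIG_PROVE_LOCKING) reports for ordinary locks.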
Recommendations
For Linux kernel versions prior to 6.6.50, update to version 6.6.50 or later to resolve the issue. As a temporary workaround, consider disabling the amdtp_domain_stream_pcm_pointer() function until a patch is available. Restrict access to the vulnerable module amdtp-stream.c to minimize the risk of exploitation. Avoid using the snd_pcm_stream_lock_irq() and snd_pcm_stream_lock_irqsave() functions in snd_pcm_status64() and snd_pcm_period_elapsed() until the issue is resolved.
Weakness Enumeration
Improper Locking
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu