PT-2024-35687 · Linux+7 · Linux Kernel+7

Published

2024-11-13

·

Updated

2025-10-03

·

CVE-2024-53239

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the ALSA 6fire code in the Linux kernel, where resources are released at the wrong time, potentially leading to use-after-free (UAF) errors. The current code tries to release resources right after the call of usb6fire chip abort(), but the card object might still be in use. To avoid potential UAFs, the release of resources has been moved to the card's private free instead of the manual call of usb6fire chip destroy() at the USB disconnect callback.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2024-17893
ALT-PU-2025-12647
BDU:2025-06976
CVE-2024-53239
DLA-4075-1
DLA-4076-1
OESA-2025-1034
OESA-2025-1035
OESA-2025-1065
OESA-2025-1066
OESA-2025-1078
OESA-2025-1079
OPENSUSE-SU-2025_0201-1
OPENSUSE-SU-2025_0202-1
OPENSUSE-SU-2025_0203-1
OPENSUSE-SU-2025_0229-1
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0833-1
OPENSUSE-SU-2025_0835-1
OPENSUSE-SU-2025_0847-1
OPENSUSE-SU-2025_0853-1
OPENSUSE-SU-2025_0855-1
OPENSUSE-SU-2025_0856-1
OPENSUSE-SU-2025_0955-1
SUSE-SU-2025:0152-1
SUSE-SU-2025:0201-1
SUSE-SU-2025:0201-2
SUSE-SU-2025:0202-1
SUSE-SU-2025:0203-1
SUSE-SU-2025:0229-1
SUSE-SU-2025:0230-1
SUSE-SU-2025:0231-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0603-1
SUSE-SU-2025:0784-1
SUSE-SU-2025:0833-1
SUSE-SU-2025:0833-2
SUSE-SU-2025:0834-1
SUSE-SU-2025:0835-1
SUSE-SU-2025:0847-1
SUSE-SU-2025:0853-1
SUSE-SU-2025:0855-1
SUSE-SU-2025:0856-1
SUSE-SU-2025:0867-1
SUSE-SU-2025:0945-1
SUSE-SU-2025:0955-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_0201-1
SUSE-SU-2025_0201-2
SUSE-SU-2025_0202-1
SUSE-SU-2025_0203-1
SUSE-SU-2025_0236-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0833-1
SUSE-SU-2025_0833-2
SUSE-SU-2025_0834-1
SUSE-SU-2025_0835-1
SUSE-SU-2025_0847-1
SUSE-SU-2025_0855-1
SUSE-SU-2025_0856-1
SUSE-SU-2025_0955-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1
USN-7684-1
USN-7684-2
USN-7684-3
USN-7685-1
USN-7685-2
USN-7685-3
USN-7685-4
USN-7685-5

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu