CVE-2024-56532

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the ALSA: us122l in the Linux kernel, specifically with the USB disconnect callback. This callback is supposed to be short and not wait too long. However, the current code uses snd card free() at disconnection, which waits for the close of all used file descriptors and can take a long time, potentially blocking upper layer USB ioctls and triggering a soft lockup. An easy workaround is to replace snd card free() with snd card free when closed(), which returns immediately while the release of resources is done asynchronously by the card device release at the last close.

Recommendations To resolve the issue, replace snd card free() with snd card free when closed() in the USB disconnect callback. This change allows the release of resources to be done asynchronously, preventing the potential for long waits and soft lockups. Additionally, the loop of us122l->mmap count check can be dropped as it is useless for the asynchronous operation with * when closed(). At the moment, there is no information about a newer version that contains a fix for this vulnerability.