PT-2024-36836 · Linux+7 · Linux Kernel+7
Published
2024-12-27
·
Updated
2025-10-03
·
CVE-2024-56533
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A vulnerability in the Linux kernel has been resolved, related to the ALSA: usx2y module. The issue occurs during USB disconnection, where the current code uses
snd card free() which waits for the close of all used file descriptors, potentially taking a long time and blocking upper layer USB ioctls, leading to a soft lockup. The snd card free() function is supposed to be replaced with snd card free when closed(), which returns immediately and releases resources asynchronously.Recommendations
To resolve the issue, replace
snd card free() with snd card free when closed() in the ALSA: usx2y module during disconnection. This change allows the release of resources to be done asynchronously, preventing the potential for a soft lockup. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu