CVE-2024-42274

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 17/08/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Revert "ALSA: firewire-lib: operate for period elapse event in process context"

Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event
in process context") removed the process context workqueue from
amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove
its overhead.

With RME Fireface 800, this led to a regression since
Kernels 5.14.0, causing an AB/BA deadlock competition for the
substream lock with eventual system freeze under ALSA operation:

thread 0:
    * (lock A) acquire substream lock by
      snd_pcm_stream_lock_irq() in
      snd_pcm_status64()
    * (lock B) wait for tasklet to finish by calling
      tasklet_unlock_spin_wait() in
      tasklet_disable_in_atomic() in
      ohci_flush_iso_completions() of ohci.c

thread 1:
    * (lock B) enter tasklet
    * (lock A) attempt to acquire substream lock,
      waiting for it to be released:
      snd_pcm_stream_lock_irqsave() in
      snd_pcm_period_elapsed() in
      update_pcm_pointers() in
      process_ctx_payloads() in
      process_rx_packets() of amdtp-stream.c

    ? tasklet_unlock_spin_wait

    ohci_flush_iso_completions firewire_ohci
    amdtp_domain_stream_pcm_pointer snd_firewire_lib
    snd_pcm_update_hw_ptr0 snd_pcm
    snd_pcm_status64 snd_pcm

    ? native_queued_spin_lock_slowpath

    _raw_spin_lock_irqsave
    snd_pcm_period_elapsed snd_pcm
    process_rx_packets snd_firewire_lib
    irq_target_callback snd_firewire_lib
    handle_it_packet firewire_ohci
    context_tasklet firewire_ohci

Restore the process context work queue to prevent deadlock
AB/BA deadlock competition for ALSA substream lock of
snd_pcm_stream_lock_irq() in snd_pcm_status64()
and snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().

revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period
elapse event in process context")

Replace inline description to prevent future deadlock.
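
The lock ordering described above, reproduced as a userspace pthread model. This is an added example, not code from the kernel or from the fix; `run_model`, `status_thread`, `tasklet_thread`, `defer` and `periods` are hypothetical names, and a bounded trylock loop stands in for the kernel's unbounded spin so that the model terminates.

```c
/* Userspace model (not kernel code). Lock A: PCM substream lock.
 * Lock B: the running tasklet that tasklet_disable_in_atomic() waits on. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>

static pthread_mutex_t substream_lock = PTHREAD_MUTEX_INITIALIZER; /* lock A */
static atomic_int tasklet_running, a_held, work_queued, stuck;
static int defer, periods; /* defer=1: period elapse handed to a work item */
/* thread 0: snd_pcm_status64() -> ohci_flush_iso_completions() */
static void *status_thread(void *arg) {
    (void)arg;
    while (!atomic_load(&tasklet_running)) sched_yield(); /* tasklet has started */
    pthread_mutex_lock(&substream_lock);                  /* acquire lock A */
    atomic_store(&a_held, 1);
    while (atomic_load(&tasklet_running)) sched_yield();  /* wait on lock B */
    pthread_mutex_unlock(&substream_lock);
    return NULL;
}
/* thread 1: context_tasklet -> process_rx_packets() -> update_pcm_pointers() */
static void *tasklet_thread(void *arg) {
    int got = 0; (void)arg;
    atomic_store(&tasklet_running, 1);                    /* enter tasklet (lock B) */
    while (!atomic_load(&a_held)) sched_yield();
    if (defer) {
        atomic_store(&work_queued, 1);                    /* lock A not touched here */
    } else {
        for (int i = 0; i < 200 && !got; i++)             /* bounded so the model ends */
            got = pthread_mutex_trylock(&substream_lock) == 0;
        if (got) { periods++; pthread_mutex_unlock(&substream_lock); }
        else atomic_store(&stuck, 1);                     /* the kernel spins forever */
    }
    atomic_store(&tasklet_running, 0);                    /* leave tasklet */
    return NULL;
}
/* Returns 1 when the tasklet could never take lock A (the AB/BA cycle). */
int run_model(int defer_to_work) {
    pthread_t t0, t1;
    defer = defer_to_work; periods = 0; a_held = 0; work_queued = 0; stuck = 0;
    pthread_create(&t0, NULL, status_thread, NULL);
    pthread_create(&t1, NULL, tasklet_thread, NULL);
    pthread_join(t0, NULL); pthread_join(t1, NULL);
    if (atomic_load(&work_queued)) {      /* work item: process context, lock A free */
        pthread_mutex_lock(&substream_lock); periods++;
        pthread_mutex_unlock(&substream_lock);
    }
    return atomic_load(&stuck);
}
int main(void) { printf("direct=%d deferred=%d\n", run_model(0), run_model(1)); return 0; }
```

With `defer` set to 0 the tasklet can never obtain lock A while thread 0 waits for the tasklet to finish; with `defer` set to 1 the period-elapse work runs only after both threads have let go. Build with `-pthread` on toolchains that require it.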

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.14 (including) 5.15.165 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.104 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.45 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*