CVE-2024-44954

Oct. 10, 2024, 6:02 p.m.

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-362
2024-09-04
CVE-2024-44954

CVSS Score

4.7 / 10

Products Impacted

Vendor Product Versions
linux
  • linux_kernel
  • *, 6.11

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races.

Weaknesses

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CWE ID: 362

Date

Published: Sept. 4, 2024, 7:15 p.m.

Last Modified: Oct. 10, 2024, 6:02 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel 6.11 rc1 / / / / / /
o linux linux_kernel 6.11 rc2 / / / / / /

CVSS Data

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score
4.7
Exploitability Score
1.0
Impact Score
3.6
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
416baaa9-dc9f-4396-8d5f-8c081fb06d67