CVE-2024-44954

Severity: Medium (CVSS 3.1 base score 4.7)
EPSS: 6.7%
Published: Sep 4, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: line6: Fix racy access to midibuf

There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here).

This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races.

CVSS Details

Base Score: 4.7
Exploitability: 1.0
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 6.7% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-362

Affected Products 9

Vendor   Product        Version   Range
linux    linux_kernel   *         <4.19.320
linux    linux_kernel   *         >4.20 – <5.4.282
linux    linux_kernel   *         ≥5.5 – <5.10.224
linux    linux_kernel   *         >5.11 – <5.15.165
linux    linux_kernel   *         ≥5.16 – <6.1.105
linux    linux_kernel   *         ≥6.2 – <6.6.46
linux    linux_kernel   *         ≥6.7 – <6.10.5
linux    linux_kernel   6.11      any
linux    linux_kernel   6.11      any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
    Patch