2334431 – (CVE-2024-56531) CVE-2024-56531 kernel: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

Bug 2334431 (CVE-2024-56531) - CVE-2024-56531 kernel: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

Summary: CVE-2024-56531 kernel: ALSA: caiaq: Use snd_card_free_when_closed() at discon...

Keywords:
Status:	NEW
Alias:	CVE-2024-56531
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-12-27 15:01 UTC by OSIDB Bzimport
Modified:	2024-12-28 09:20 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-12-27 15:01:34 UTC

In the Linux kernel, the following vulnerability has been resolved:

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

The USB disconnect callback is supposed to be short and not too-long
waiting.  OTOH, the current code uses snd_card_free() at
disconnection, but this waits for the close of all used fds, hence it
can take long.  It eventually blocks the upper layer USB ioctls, which
may trigger a soft lockup.

An easy workaround is to replace snd_card_free() with
snd_card_free_when_closed().  This variant returns immediately while
the release of resources is done asynchronously by the card device
release at the last close.

This patch also splits the code to the disconnect and the free phases;
the former is called immediately at the USB disconnect callback while
the latter is called from the card destructor.

Comment 1 Avinash Hanwate 2024-12-28 09:16:36 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024122721-CVE-2024-56531-6a91@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.