Bug 2338210 (CVE-2024-57893) - CVE-2024-57893 kernel: ALSA: seq: oss: Fix races at processing SysEx messages
Summary: CVE-2024-57893 kernel: ALSA: seq: oss: Fix races at processing SysEx messages
Keywords:
Status: NEW
Alias: CVE-2024-57893
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-01-15 14:03 UTC by OSIDB Bzimport
Modified: 2025-01-15 15:16 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-01-15 14:03:30 UTC
In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: oss: Fix races at processing SysEx messages

OSS sequencer handles the SysEx messages split into 6-byte packets, and
ALSA sequencer OSS layer tries to combine those.  It stores the data
in the internal buffer and this access is racy as of now, which may
lead to an out-of-bounds access.

As a temporary band-aid fix, introduce a mutex for serializing the
process of the SysEx message packets.
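
A simplified userspace model of the packet reassembly and mutex serialization described above, added here as an illustration; it is not the kernel's code. The names `sysex_buf` and `sysex_feed`, the 128-byte capacity and the 0xff padding byte are assumptions of this example.

```c
#include <pthread.h>
#include <string.h>

#define PKT_LEN 6     /* packet size given in the description */
#define BUF_MAX 128   /* assumed capacity for this model */
#define PAD     0xff  /* assumed filler byte in a short final packet */
#define EOX     0xf7  /* MIDI end-of-SysEx byte */

struct sysex_buf {
    pthread_mutex_t lock;   /* serializes every access to len and data */
    size_t len;
    unsigned char data[BUF_MAX];
};

/* Hypothetical helper: append one packet to the pending message.
 * Returns the message length once EOX arrives (message copied to out,
 * which must hold BUF_MAX bytes), 0 if more packets are expected,
 * and -1 if the message outgrew the buffer and was discarded. */
int sysex_feed(struct sysex_buf *sb, const unsigned char pkt[PKT_LEN],
               unsigned char *out)
{
    int ret = 0;

    /* Without this lock two writers can both see len == BUF_MAX - 1,
     * both pass the bounds check, and the second store lands at
     * data[BUF_MAX]: the out-of-bounds access from the description. */
    pthread_mutex_lock(&sb->lock);
    for (int i = 0; i < PKT_LEN && pkt[i] != PAD; i++) {
        if (sb->len >= BUF_MAX) {   /* check and store share one lock */
            sb->len = 0;
            ret = -1;
            break;
        }
        sb->data[sb->len++] = pkt[i];
        if (pkt[i] == EOX) {        /* message complete: hand it over */
            memcpy(out, sb->data, sb->len);
            ret = (int)sb->len;
            sb->len = 0;
            break;
        }
    }
    pthread_mutex_unlock(&sb->lock);
    return ret;
}
```

The bounds check, the store and the length update must all sit inside the same critical section; locking only the store would leave the check-then-write window open.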

