CVE-2024-27072

media: usbtv: Remove useless locks in usbtv_video_free()

Severity Score (CVSS v3.1): 5.5
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 0
Exploited in Wild (KEV): -
Decision (SSVC): Track

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

media: usbtv: Remove useless locks in usbtv_video_free()

Remove locks calls in usbtv_video_free() because
they are useless and may lead to a deadlock as reported here:
https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000
Also remove usbtv_stop() call since it will be called when
unregistering the device.

Before 'c838530d230b' this issue would only be noticed if you
disconnect while streaming and now it is noticeable even when
disconnecting while not streaming.


[hverkuil: fix minor spelling mistake in log message]

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
Exploitation: None
Automatable: No
Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-05-01 CVE Published
  • 2024-10-18 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor    Product         Version               Other    Status
Linux     Linux Kernel    >= 3.11 < 5.10.227    en       Affected
Linux     Linux Kernel    >= 3.11 < 5.15.168    en       Affected
Linux     Linux Kernel    >= 3.11 < 6.1.113     en       Affected
Linux     Linux Kernel    >= 3.11 < 6.6.55      en       Affected
Linux     Linux Kernel    >= 3.11 < 6.8.2       en       Affected
Linux     Linux Kernel    >= 3.11 < 6.9         en       Affected