CVE-2024-38600
ALSA: Fix deadlocks with kctl removals at disconnection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ALSA: Fix deadlocks with kctl removals at disconnection
In snd_card_disconnect(), we set card->shutdown flag at the beginning,
call callbacks and do sync for card->power_ref_sleep waiters at the
end. The callback may delete a kctl element, and this can lead to a
deadlock when the device was in the suspended state. Namely:
* A process waits for the power up at snd_power_ref_and_wait() in
snd_ctl_info() or read/write() inside card->controls_rwsem.
* The system gets disconnected meanwhile, and the driver tries to
delete a kctl via snd_ctl_remove*(); it tries to take
card->controls_rwsem again, but this is already locked by the
above. Since the sleeper isn't woken up, this deadlocks.
An easy fix is to wake up sleepers before processing the driver
disconnect callbacks but right after setting the card->shutdown flag.
Then all sleepers will abort immediately, and the code flows again.
So, basically this patch moves the wait_event() call at the right
timing. While we're at it, just to be sure, call wait_event_all()
instead of wait_event(), although we don't use exclusive events on
this queue for now.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: soluciona interbloqueos con eliminaciones de kctl al desconectar fin. La devolución de llamada puede eliminar un elemento kctl y esto puede provocar un punto muerto cuando el dispositivo estaba en estado suspendido. Es decir: * Un proceso espera el encendido en snd_power_ref_and_wait() en snd_ctl_info() o lectura/escritura() dentro de card->controls_rwsem. * Mientras tanto, el sistema se desconecta y el controlador intenta eliminar un kctl mediante snd_ctl_remove*(); intenta tomar card->controls_rwsem nuevamente, pero esto ya está bloqueado por lo anterior. Como el durmiente no se despierta, esto se bloquea. Una solución fácil es despertar a los durmientes antes de procesar las devoluciones de llamada de desconexión del controlador, pero justo después de configurar la tarjeta->indicador de apagado. Entonces todos los durmientes abortarán inmediatamente y el código fluirá nuevamente. Básicamente, este parche mueve la llamada wait_event() en el momento adecuado. Mientras estamos en esto, solo para estar seguros, llame a wait_event_all() en lugar de wait_event(), aunque no usamos eventos exclusivos en esta cola por ahora.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-08-28 EPSS Updated
- 2024-11-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-833: Deadlock
CAPEC
References (8)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-38600 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2293365 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.161" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.93" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.33" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10" | en |
Affected
|