CVE-2024-42274

{"id": "CVE-2024-42274", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T09:15:08.530", "references": [{"url": "https://git.kernel.org/stable/c/36c255db5a25edd42d1aca48e38b8e95ee5fd9ef", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3dab73ab925a51ab05543b491bf17463a48ca323", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7c07220cf634002f93a87ca2252a32766850f2d1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b239a37d68e8bc59f9516444da222841e3b13ba9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f5043e69aeb2786f32e84132817a007a6430aa7d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ALSA: firewire-lib: operate for period elapse event in process context\"\n\nCommit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period elapse event\nin process context\") removed the process context workqueue from\namdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove\nits overhead.\n\nWith RME Fireface 800, this lead to a regression since\nKernels 5.14.0, causing an AB/BA deadlock competition for the\nsubstream lock with eventual system freeze under ALSA operation:\n\nthread 0:\n * (lock A) acquire substream lock by\n\tsnd_pcm_stream_lock_irq() in\n\tsnd_pcm_status64()\n * (lock B) wait for tasklet to finish by calling\n \ttasklet_unlock_spin_wait() in\n\ttasklet_disable_in_atomic() in\n\tohci_flush_iso_completions() of ohci.c\n\nthread 1:\n * (lock B) enter tasklet\n * (lock A) attempt to acquire substream lock,\n \twaiting for it to be released:\n\tsnd_pcm_stream_lock_irqsave() in\n \tsnd_pcm_period_elapsed() in\n\tupdate_pcm_pointers() in\n\tprocess_ctx_payloads() in\n\tprocess_rx_packets() of amdtp-stream.c\n\n? tasklet_unlock_spin_wait\n </NMI>\n <TASK>\nohci_flush_iso_completions firewire_ohci\namdtp_domain_stream_pcm_pointer snd_firewire_lib\nsnd_pcm_update_hw_ptr0 snd_pcm\nsnd_pcm_status64 snd_pcm\n\n? native_queued_spin_lock_slowpath\n </NMI>\n <IRQ>\n_raw_spin_lock_irqsave\nsnd_pcm_period_elapsed snd_pcm\nprocess_rx_packets snd_firewire_lib\nirq_target_callback snd_firewire_lib\nhandle_it_packet firewire_ohci\ncontext_tasklet firewire_ohci\n\nRestore the process context work queue to prevent deadlock\nAB/BA deadlock competition for ALSA substream lock of\nsnd_pcm_stream_lock_irq() in snd_pcm_status64()\nand snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed().\n\nrevert commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operate for period\nelapse event in process context\")\n\nReplace inline description to prevent future deadlock."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\" commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento transcurrido en el contexto del proceso\") eliminada la cola de trabajo del contexto del proceso de amdtp_domain_stream_pcm_pointer() y update_pcm_pointers() para eliminar su sobrecarga. Con RME Fireface 800, esto condujo a una regresi\u00f3n desde Kernels 5.14.0, lo que provoc\u00f3 una competencia de punto muerto AB/BA para el bloqueo de substream con una eventual congelaci\u00f3n del sistema bajo la operaci\u00f3n ALSA: subproceso 0: * (bloqueo A) adquiere el bloqueo de substream mediante snd_pcm_stream_lock_irq() en snd_pcm_status64() * (bloqueo B) espere a que finalice el tasklet llamando a tasklet_unlock_spin_wait() en tasklet_disable_in_atomic() en ohci_flush_iso_completions() del subproceso 1 de ohci.c: * (bloqueo B) ingrese al tasklet * (bloqueo A) intente adquirir el subflujo bloquear, esperando a que se libere: snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed() en update_pcm_pointers() en Process_ctx_payloads() en Process_rx_packets() de amdtp-stream.c? tasklet_unlock_spin_wait ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? nativo_queued_spin_lock_slowpath _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm Process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restaurar la cola de trabajo del contexto del proceso para evitar un punto muerto Competencia de punto muerto AB/BA para el bloqueo de subtransmisi\u00f3n ALSA de snd_pcm_stream_lock_irq() en snd_pcm_status64() y snd_pcm_stream_lock_irqsave() en snd_pcm_period_elapsed(). revertir el commit 7ba5ca32fe6e (\"ALSA: firewire-lib: operar durante el evento de per\u00edodo transcurrido en el contexto del proceso\") Reemplace la descripci\u00f3n en l\u00ednea para evitar futuros interbloqueos."}], "lastModified": "2025-11-03T22:17:53.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F20D8A8D-1A11-440E-A3A7-0C70F9D98782", "versionEndExcluding": "5.15.165", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DB9042-F89E-4024-B005-ACBBA99CA659", "versionEndExcluding": "6.1.104", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED8FBDF-48EE-4FEB-8B1A-CFF4FBCB27BF", "versionEndExcluding": "6.6.45", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9FECDC-6CB8-41E5-B32A-E46776100D9C", "versionEndExcluding": "6.10.4", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}