Improper locking in Linux kernel usb line6
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-44954 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU96859
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
