#VU102181 Improper locking in Linux kernel - CVE-2024-56532
Vulnerability identifier: #VU102181
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_us122l_disconnect() function in sound/usb/usx2y/us122l.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/020cbc4d7414f0962004213e2b7bc5cc607e9ec7
https://git.kernel.org/stable/c/2938dd2648522336133c151dd67bb9bf01cbd390
https://git.kernel.org/stable/c/75f418b249d84021865eaa59515d3ed9b75ce4d6
https://git.kernel.org/stable/c/9a48bd2184b142c92a4e17eac074c61fcf975bc9
https://git.kernel.org/stable/c/9b27924dc8d7f8a8c35e521287d4ccb9a006e597
https://git.kernel.org/stable/c/9d5c530e4d70f64b1114f2cc29ac690ba7ac4a38
https://git.kernel.org/stable/c/b7df09bb348016943f56b09dcaafe221e3f73947
https://git.kernel.org/stable/c/bc778ad3e495333eebda36fe91d5b2c93109cc16
https://git.kernel.org/stable/c/bf0aa35a7cb8602cccf2387712114e836f65c154
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
