#VU102182 Improper locking in Linux kernel - CVE-2024-56533
Vulnerability identifier: #VU102182
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usx2y_disconnect() function in sound/usb/usx2y/usbusx2y.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/24fe9f7ca83ec9acf765339054951f5cd9ae5c5d
https://git.kernel.org/stable/c/7bd8838c0ea886679a32834fdcacab296d072fbe
https://git.kernel.org/stable/c/befcca1777525e37c659b4129d8ac7463b07ef67
https://git.kernel.org/stable/c/dafb28f02be407e07a6f679e922a626592b481b0
https://git.kernel.org/stable/c/e07605d855c4104d981653146a330ea48f6266ed
https://git.kernel.org/stable/c/e869642a77a9b3b98b0ab2c8fec7af4385140909
https://git.kernel.org/stable/c/ffbfc6c4330fc233698529656798bee44fea96f5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
