What is the severity of CVE-2024-44954?

CVE-2024-44954 has a moderate severity level due to its ability to cause concurrency issues in the ALSA line6 driver.

How do I fix CVE-2024-44954?

To fix CVE-2024-44954, update your Linux kernel to version 5.10.226-1, 6.1.123-1, or apply the respective patches mentioned in the advisory.

What systems are affected by CVE-2024-44954?

CVE-2024-44954 affects multiple versions of the Linux kernel, specifically those before 5.10.224 and kernel version 6.11-rc2.

What is the potential impact of CVE-2024-44954?

The potential impact of CVE-2024-44954 includes possible denial of service or abnormal system behavior due to concurrent access issues.

Who is impacted by CVE-2024-44954?

Users and administrators of affected Linux distributions using the ALSA line6 driver may experience risks associated with CVE-2024-44954.

Vulnerability/
CVE-2024-44954

medium

4.7

CWE

362

4/9/2024

19/12/2024

CVE-2024-44954: ALSA: line6: Fix racy access to midibuf

First published: Wed Sep 04 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
debian/linux	<=5.10.223-1	5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1
debian/linux-6.1		6.1.119-1~deb11u1
Linux Kernel	<4.19.320
Linux Kernel	>4.20<5.4.282
Linux Kernel	>=5.5<5.10.224
Linux Kernel	>5.11<5.15.165
Linux Kernel	>=5.16<6.1.105
Linux Kernel	>=6.2<6.6.46
Linux Kernel	>=6.7<6.10.5
Linux Kernel	=6.11-rc1
Linux Kernel	=6.11-rc2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-44954?
CVE-2024-44954 has a moderate severity level due to its ability to cause concurrency issues in the ALSA line6 driver.
How do I fix CVE-2024-44954?
To fix CVE-2024-44954, update your Linux kernel to version 5.10.226-1, 6.1.123-1, or apply the respective patches mentioned in the advisory.
What systems are affected by CVE-2024-44954?
CVE-2024-44954 affects multiple versions of the Linux kernel, specifically those before 5.10.224 and kernel version 6.11-rc2.
What is the potential impact of CVE-2024-44954?
The potential impact of CVE-2024-44954 includes possible denial of service or abnormal system behavior due to concurrent access issues.
Who is impacted by CVE-2024-44954?
Users and administrators of affected Linux distributions using the ALSA line6 driver may experience risks associated with CVE-2024-44954.

agent/title
agent/first-publish-date
agent/type
agent/remedy
agent/severity
agent/weakness
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
collector/usn-cve
source/Ubuntu
agent/description
agent/event
agent/source
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
package-manager/debian
vendor/linux
canonical/linux kernel
version/linux kernel/5.5
version/linux kernel/5.16
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.11-rc1
version/linux kernel/6.11-rc2

Frequently Asked Questions

What is the severity of CVE-2024-44954?
CVE-2024-44954 has a moderate severity level due to its ability to cause concurrency issues in the ALSA line6 driver.
How do I fix CVE-2024-44954?
To fix CVE-2024-44954, update your Linux kernel to version 5.10.226-1, 6.1.123-1, or apply the respective patches mentioned in the advisory.
What systems are affected by CVE-2024-44954?
CVE-2024-44954 affects multiple versions of the Linux kernel, specifically those before 5.10.224 and kernel version 6.11-rc2.
What is the potential impact of CVE-2024-44954?
The potential impact of CVE-2024-44954 includes possible denial of service or abnormal system behavior due to concurrent access issues.
Who is impacted by CVE-2024-44954?
Users and administrators of affected Linux distributions using the ALSA line6 driver may experience risks associated with CVE-2024-44954.

CVE-2024-44954: ALSA: line6: Fix racy access to midibuf

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-44954?

How do I fix CVE-2024-44954?

What systems are affected by CVE-2024-44954?

What is the potential impact of CVE-2024-44954?

Who is impacted by CVE-2024-44954?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-44954?

How do I fix CVE-2024-44954?

What systems are affected by CVE-2024-44954?

What is the potential impact of CVE-2024-44954?

Who is impacted by CVE-2024-44954?