CVE-2024-53239

Updated: 2025-02-04 16:42:08.545897

Description:

In the Linux kernel, the following vulnerability has been resolved:

ALSA: 6fire: Release resources at card release

The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()).

To avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:27 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:26 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:32 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:31 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:29 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:33 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:36 | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Needs Triage | | 2025-02-04 13:27:35 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | In Testing | | 2025-02-07 06:32:14 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 7.8 | HIGH | In Testing | | 2025-02-07 22:53:09 | |
Total: 11