AZL-67839

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67839.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67839

Upstream

CVE-2024-57893

Published

2025-01-15T13:15:13Z

Modified

2026-04-01T05:21:17.724942Z

Summary

CVE-2024-57893 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: oss: Fix races at processing SysEx messages

OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access.

As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-57893

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67839.json"