DEBIAN-CVE-2024-42274

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-42274

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-42274.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-42274

Upstream

CVE-2024-42274

Published

2024-08-17T09:15:08Z

Modified

2025-09-30T09:17:45.839731Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtpdomainstreampcmpointer() and updatepcmpointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with eventual system freeze under ALSA operation: thread 0: * (lock A) acquire substream lock by sndpcmstreamlockirq() in sndpcmstatus64() * (lock B) wait for tasklet to finish by calling taskletunlockspinwait() in taskletdisableinatomic() in ohciflushisocompletions() of ohci.c thread 1: * (lock B) enter tasklet * (lock A) attempt to acquire substream lock, waiting for it to be released: sndpcmstreamlockirqsave() in sndpcmperiodelapsed() in updatepcmpointers() in processctxpayloads() in processrxpackets() of amdtp-stream.c ? taskletunlockspinwait </NMI> <TASK> ohciflushisocompletions firewireohci amdtpdomainstreampcmpointer sndfirewirelib sndpcmupdatehwptr0 sndpcm sndpcmstatus64 sndpcm ? nativequeuedspinlockslowpath </NMI> <IRQ> _rawspinlockirqsave sndpcmperiodelapsed sndpcm processrxpackets sndfirewirelib irqtargetcallback sndfirewirelib handleitpacket firewireohci contexttasklet firewireohci Restore the process context work queue to prevent deadlock AB/BA deadlock competition for ALSA substream lock of sndpcmstreamlockirq() in sndpcmstatus64() and sndpcmstreamlockirqsave() in sndpcmperiodelapsed(). revert commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Replace inline description to prevent future deadlock.

References

https://security-tracker.debian.org/tracker/CVE-2024-42274

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.106-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

6.1.94-1

6.1.98-1

6.1.99-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / linux-6.1

Package

Name: linux-6.1
Purl: pkg:deb/debian/linux-6.1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.119-1~deb11u1

Affected versions

6.*

6.1.106-3~deb11u1

6.1.106-3~deb11u2

6.1.106-3~deb11u3

6.1.112-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}