CVE-2024-27072

media: usbtv: Remove useless locks in usbtv_video_free()

Description

In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. [hverkuil: fix minor spelling mistake in log message]

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9 patch
https://git.kernel.org/stable/c/d5ed208d04acf06781d63d30f9fa991e8d609ebd patch
https://git.kernel.org/stable/c/bdd82c47b22a8befd617b723098b2a41b77373c7 patch
https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf patch
https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2 patch
https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895 patch

Frequently Asked Questions

What is the severity of CVE-2024-27072?
CVE-2024-27072 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27072?
To fix CVE-2024-27072, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27072 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27072 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27072?
CVE-2024-27072 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.