CVE-2024-44954

ALSA: line6: Fix racy access to midibuf

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81 patch
https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5 patch
https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29 patch
https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d patch
https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e patch
https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747 patch
https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a patch
https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1 patch

Frequently Asked Questions

What is the severity of CVE-2024-44954?
CVE-2024-44954 has been scored as a medium severity vulnerability.
How to fix CVE-2024-44954?
To fix CVE-2024-44954, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-44954 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-44954 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-44954?
CVE-2024-44954 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.