CVE-2024-53239

ALSA: 6fire: Release resources at card release

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/74357d0b5cd3ef544752bc9f21cbeee4902fae6c patch
https://git.kernel.org/stable/c/273eec23467dfbfbd0e4c10302579ba441fb1e13 patch
https://git.kernel.org/stable/c/f2d06d4e129e2508e356136f99bb20a332ff1a00 patch
https://git.kernel.org/stable/c/b889a7d68d7e76b8795b754a75c91a2d561d5e8c patch
https://git.kernel.org/stable/c/ea8cc56db659cf0ae57073e32a4735ead7bd7ee3 patch
https://git.kernel.org/stable/c/b754e831a94f82f2593af806741392903f359168 patch
https://git.kernel.org/stable/c/0df7f4b5cc10f5adf98be0845372e9eef7bb5b09 patch
https://git.kernel.org/stable/c/57860a80f03f9dc69a34a5c37b0941ad032a0a8c patch
https://git.kernel.org/stable/c/a0810c3d6dd2d29a9b92604d682eacd2902ce947 patch

Frequently Asked Questions

What is the severity of CVE-2024-53239?
CVE-2024-53239 has been scored as a high severity vulnerability.
How to fix CVE-2024-53239?
To fix CVE-2024-53239, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53239 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53239 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53239?
CVE-2024-53239 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.