Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-57893

Опубликовано: 15 янв. 2025
Источник: nvd
CVSS3: 6.3
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

ALSA: seq: oss: Fix races at processing SysEx messages

OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access.

As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 6.1.124 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.70 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.9 (исключая)
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*

EPSS

Процентиль: 7%
0.00029
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2024-57893

CVSS3: 6.3
ubuntu
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets.

redhat логотип

CVE-2024-57893

CVSS3: 5.5
redhat
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets.

msrc логотип

CVE-2024-57893

msrc
около 1 месяца назад

ALSA: seq: oss: Fix races at processing SysEx messages

debian логотип

CVE-2024-57893

CVSS3: 6.3
debian
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: A ...

github логотип

GHSA-pr7g-498h-frwf

CVSS3: 6.3
github
10 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets.

EPSS

Процентиль: 7%
0.00029
Низкий

6.3 Medium

CVSS3

Дефекты

CWE-362