CVE-2024-57805

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to 'steal' the linkDMA since it has been released. This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 then the link DMA channels will be mixed up, resulting firmware error or crash.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/909ecf15cb70f78cdb5c930f58df01db039a0ff8	Patch
https://git.kernel.org/stable/c/e8d0ba147d901022bcb69da8d8fd817f84e9f3ca	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:-::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.13:rc4::::::

History

No history.

Information

Published : 2025-01-11 13:15

Updated : 2025-10-17 15:08

NVD link : CVE-2024-57805

Mitre link : CVE-2024-57805

CVE.ORG link : CVE-2024-57805

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-57805", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-11T13:15:30.420", "references": [{"url": "https://git.kernel.org/stable/c/909ecf15cb70f78cdb5c930f58df01db039a0ff8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e8d0ba147d901022bcb69da8d8fd817f84e9f3ca", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP\n\nThe linkDMA should not be released on stop trigger since a stream re-start\nmight happen without closing of the stream. This leaves a short time for\nother streams to 'steal' the linkDMA since it has been released.\n\nThis issue is not easy to reproduce under normal conditions as usually\nafter stop the stream is closed, or the same stream is restarted, but if\nanother stream got in between the stop and start, like this:\naplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120\nCTRL+z\naplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120\n\nthen the link DMA channels will be mixed up, resulting firmware error or\ncrash."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: Intel: hda-dai: No libere el enlace DMA en STOP El linkDMA no debe liberarse en el disparador de detenci\u00f3n ya que podr\u00eda ocurrir un reinicio de transmisi\u00f3n sin cerrar la transmisi\u00f3n. Esto deja un corto tiempo para que otras transmisiones \"roben\" el linkDMA desde que se ha liberado. Este problema no es f\u00e1cil de reproducir en condiciones normales ya que generalmente despu\u00e9s de detener la transmisi\u00f3n se cierra, o se reinicia la misma transmisi\u00f3n, pero si otra transmisi\u00f3n se interpuso entre la detenci\u00f3n y el inicio, como esto: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 entonces los canales de enlace DMA se mezclar\u00e1n, lo que provocar\u00e1 un error o bloqueo del firmware."}], "lastModified": "2025-10-17T15:08:47.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC327455-C86D-4E78-8BC8-2E5301DD5835", "versionEndExcluding": "6.12", "versionStartIncluding": "6.11.6"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36BE2398-A781-4247-9967-2905F3B83462", "versionEndExcluding": "6.12.8", "versionStartIncluding": "6.12.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E698080-7669-4132-8817-4C674EEBCE54"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}