mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.2 KiB
1.2 KiB
CVE-2024-53239
Description
In the Linux kernel, the following vulnerability has been resolved:ALSA: 6fire: Release resources at card releaseThe current 6fire code tries to release the resources right after thecall of usb6fire_chip_abort(). But at this moment, the card objectmight be still in use (as we're calling snd_card_free_when_closed()).For avoid potential UAFs, move the release of resources to the card'sprivate_free instead of the manual call of usb6fire_chip_destroy() atthe USB disconnect callback.
POC
Reference
No PoCs from references.