CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-26654

Medium Severity
Linux
SVRS
30/100
CVSSv3
7.0/10
EPSS
0.00048/1

CVE-2024-26654 is a use-after-free (UAF) vulnerability in the Linux kernel's ALSA subsystem, specifically within the aica driver for Dreamcast sound cards. This flaw occurs due to improper cleanup operations related to the timer and DMA handling, potentially leading to system crashes or arbitrary code execution. The

Although CVSS score is rated at 7, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a relatively low risk of exploitation in the wild, at this current time. The vulnerability arises because the dreamcastcard->timer can schedule the spu_dma_work, leading to a race condition where the aica_channel is deallocated while still being referenced by a worker thread. The fix involves conditionally calling mod_timer() and implementing a PCM sync_stop operation to ensure proper cancellation of both the timer and worker. This vulnerability is significant because it could lead to system instability and potential security breaches, emphasizing the need for timely kernel updates.

TAGS
No tags available
VECTOR STRING
CVSS:3.1
AV:L
AC:H
PR:L
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2025-05-04
LAST MODIFIED2024-04-01

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-26654 | Linux Kernel up to 6.9-rc1 ALSA del_timer null pointer dereference (051e0840ffa8)
vuldb.com2025-02-04
CVE-2024-26654 | Linux Kernel up to 6.9-rc1 ALSA del_timer null pointer dereference (051e0840ffa8) | A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.9-rc1. Affected is the function del_timer of the component ALSA. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-26654
vuldb.com
rss
forum
news
USN-6927-1: Linux kernel vulnerabilities
2024-07-30
USN-6927-1: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
ubuntu.com
rss
forum
news
USN-6917-1: Linux kernel vulnerabilities
2024-07-26
USN-6917-1: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
cve-2024-35900
cve-2024-36004
cve-2024-35884
cve-2024-26999
USN-6896-5: Linux kernel vulnerabilities
2024-07-23
USN-6896-5: Linux kernel vulnerabilities | It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
cve-2024-27077
cve-2024-35805
cve-2024-26966
cve-2024-26935
USN-6898-4: Linux kernel vulnerabilities
2024-07-23
USN-6898-4: Linux kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem
cve-2024-36006
cve-2024-35809
cve-2024-27396
cve-2024-26960
USN-6898-3: Linux kernel kernel vulnerabilities
2024-07-19
USN-6898-3: Linux kernel kernel vulnerabilities | Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth
ubuntu.com
rss
forum
news
USN-6896-4: Linux kernel vulnerabilities
2024-07-19
USN-6896-4: Linux kernel vulnerabilities | It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
ubuntu.com
rss
forum
news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
TypeVendorProduct
OSLinuxlinux_kernel
Configuration 2
TypeVendorProduct
OSDebiandebian_linux

References

ReferenceLink
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
416BAAA9-DC9F-4396-8D5F-8C081FB06D67https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3
AF854A3A-2127-422B-91AE-364DA2661108https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2
AF854A3A-2127-422B-91AE-364DA2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

CWE Details

CWE IDCWE NameDescription
CWE-416Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence