CVE-2024-53239

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53239

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53239.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-53239

Downstream

BELL-CVE-2024-53239

DEBIAN-CVE-2024-53239

DLA-4075-1

DLA-4076-1

OESA-2025-1034

OESA-2025-1035

OESA-2025-1065

OESA-2025-1066

OESA-2025-1078

OESA-2025-1079

SUSE-SU-2025:0152-1

SUSE-SU-2025:0201-1

SUSE-SU-2025:0201-2

SUSE-SU-2025:0202-1

SUSE-SU-2025:0203-1

SUSE-SU-2025:0229-1

SUSE-SU-2025:0230-1

SUSE-SU-2025:0231-1

SUSE-SU-2025:0236-1

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0557-1

SUSE-SU-2025:0603-1

SUSE-SU-2025:0784-1

SUSE-SU-2025:0833-1

SUSE-SU-2025:0833-2

SUSE-SU-2025:0834-1

SUSE-SU-2025:0835-1

SUSE-SU-2025:0847-1

SUSE-SU-2025:0853-1

SUSE-SU-2025:0855-1

SUSE-SU-2025:0856-1

SUSE-SU-2025:0867-1

SUSE-SU-2025:0945-1

SUSE-SU-2025:0955-1

Related

Published

2024-12-27T14:15:32Z

Modified

2025-08-09T19:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: 6fire: Release resources at card release

The current 6fire code tries to release the resources right after the call of usb6firechipabort(). But at this moment, the card object might be still in use (as we're calling sndcardfreewhenclosed()).

For avoid potential UAFs, move the release of resources to the card's privatefree instead of the manual call of usb6firechip_destroy() at the USB disconnect callback.

References

Affected packages