CVE-2024-56533

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56533

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56533.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56533

Downstream

BELL-CVE-2024-56533

DEBIAN-CVE-2024-56533

DLA-4075-1

DLA-4076-1

OESA-2025-1286

OESA-2025-1450

SUSE-SU-2025:0289-1

SUSE-SU-2025:0428-1

SUSE-SU-2025:0499-1

SUSE-SU-2025:0556-1

SUSE-SU-2025:0557-1

SUSE-SU-2025:0565-1

SUSE-SU-2025:0577-1

SUSE-SU-2025:0577-2

Related

Published

2024-12-27T14:15:32Z

Modified

2025-09-19T16:18:52Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usx2y: Use sndcardfreewhenclosed() at disconnection

The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses sndcardfree() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.

An easy workaround is to replace sndcardfree() with sndcardfreewhenclosed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close.

References

Affected packages