CVE-2024-27072Improper Locking in Linux

CWE-667Improper LockingCWE-833Deadlock30 documents7 sources
Severity
5.5MEDIUMNVD
OSV8.8
EPSS
0.0%
top 99.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 1
Latest updateJan 20

Description

In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even whe

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDlinux/linux_kernel3.115.10.227+4
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.15.0-127.137+1
CVEListV5linux/linuxf3d27f34fdd7701e499617d2c1d94480a98f6d074ec4641df57cbdfdc51bb4959afcdbcf5003ddb9+6
debiandebian/linux< linux 6.1.115-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-xilinx-zynqmp vulnerabilities2025-01-20
OSV
linux-azure, linux-intel-iotg-5.15 vulnerabilities2025-01-09
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-intel-iotg vulnerabilities2025-01-06
OSV
linux-hwe-5.15 vulnerabilities2024-12-20

📋Vendor Advisories

14
Ubuntu
Linux kernel (Xilinx ZynqMP) vulnerabilities2025-01-20
Ubuntu
Linux kernel vulnerabilities2025-01-09
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2025-01-06
Ubuntu
Linux kernel (HWE) vulnerabilities2024-12-20

💬Community

1
Bugzilla
CVE-2024-27072 kernel: media: usbtv: Remove useless locks in usbtv_video_free()2024-05-01