Informazioni sul CVE-2024-27057
ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-27057
Descrizione: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the `sof_ipc4_pcm_hw_free()` function is invoked to reset the pipelines since during suspend, the DSP is turned off. If the firmware crashes during while audio is running (or when we reset the stream before suspend), then `sof_ipc4_set_multi_pipeline_state()` will fail with IPC error and the state change is interrupted. This will cause misalignment between the kernel and firmware state on the next DSP boot, resulting in errors returned by the firmware for IPC messages, eventually failing the audio resume. On stream close, the errors are ignored, so the kernel state will be corrected on the next DSP boot, so the second boot after the DSP panic. If `sof_ipc4_pipelines()` is called from `sof_ipc4_pcm_hw_free()`, then the state parameter is SOF_IPC4_PIPE_RESET and only in this case. Treat a forced pipeline reset similarly to how we treat a pcm_free by ignoring error sending to allow the kernel’s state to be consistent with the firmware’s state after the next boot.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759
- https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c
- https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2
Prodotti interessati
- Linux – Linux
- Linux – Linux