CVE-2024-38618

2024-06-1900:00:00

ubuntu.com

linux kernel

alsa timer

vulnerability

AI Score

9.4

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved: ALSA:
timer: Set lower bound of start tick time Currently ALSA timer doesn’t have
the lower limit of the start tick time, and it allows a very small size,
e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to
an unexpected RCU stall, where the callback repeatedly queuing the expire
update, as reported by fuzzer. This patch introduces a sanity check of the
timer start tick time, so that the system returns an error when a too small
start size is set. As of this patch, the lower limit is hard-coded to
100us, which is small enough but can still work somehow.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN