CVE-2024-56532
📋 TL;DR
A race condition vulnerability in the Linux kernel's ALSA us122l USB audio driver allows a denial-of-service attack. When a USB audio device is disconnected, the driver can trigger a soft lockup by blocking USB ioctls, potentially freezing the system. This affects Linux systems using the affected ALSA driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System soft lockup requiring hard reboot, causing service disruption and potential data loss.
Likely Case
Temporary system unresponsiveness when disconnecting USB audio devices, requiring manual intervention.
If Mitigated
Minor performance impact during USB audio device disconnection with no system lockup.
🎯 Exploit Status
Exploitation requires physical access to disconnect USB audio devices or ability to trigger USB disconnection events. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 020cbc4d7414f0962004213e2b7bc5cc607e9ec7 or later
Vendor Advisory: https://git.kernel.org/stable/c/020cbc4d7414f0962004213e2b7bc5cc607e9ec7
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version.
2. Check kernel commit history includes the fix.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable us122l driver
Linux: Prevent loading of the vulnerable ALSA us122l driver
echo 'blacklist snd-usb-us122l' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
Restrict USB device access
All platforms: Limit physical access to USB ports to prevent unauthorized device disconnection
🧯 If You Can't Patch
- Restrict physical access to USB ports on critical systems
- Monitor system logs for USB disconnection events and soft lockup warnings
🔍 How to Verify
Check if Vulnerable:
Check if us122l driver is loaded: lsmod | grep snd_usb_us122l. If loaded and kernel version is unpatched, system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Check kernel version includes fix commit: git log --oneline | grep -i 'us122l.*free_when_closed' or verify kernel version is newer than fix date.
📡 Detection & Monitoring
Log Indicators:
- Kernel soft lockup messages in dmesg
- USB disconnection events followed by system unresponsiveness
- ALSA driver error messages
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("soft lockup" OR "us122l" OR "ALSA")
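Added example (not part of the original advisory or the kernel project): the SIEM query above matches any line containing one of the keywords, so this Python sketch narrows it to the indicator listed under Log Indicators, a soft lockup that follows a USB disconnect. The dmesg line formats, the sample log, and the 60-second window are assumptions made for illustration.

```python
import re

# Constructed sample of dmesg-style lines (not captured from a real system).
SAMPLE_LOG = """\
[  101.200000] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[  845.310000] usb 1-2: USB disconnect, device number 5
[  871.900000] watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [pulseaudio:1432]
[ 1500.000000] usb 2-1: USB disconnect, device number 3
[ 4000.500000] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:77]
"""

# Assumed line shapes: "[ seconds.micros] message" as printed by dmesg.
LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
DISCONNECT = re.compile(r"^usb (?P<port>[\d.-]+): USB disconnect, device number \d+")
LOCKUP = re.compile(r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s!")


def correlate(log_text, window=60.0):
    """Return soft lockups logged within `window` seconds after a USB disconnect."""
    last_disconnect = None  # (timestamp, port) of the most recent disconnect seen
    hits = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # ignore lines without a dmesg timestamp
        ts, msg = float(line["ts"]), line["msg"]
        disconnect = DISCONNECT.match(msg)
        if disconnect:
            last_disconnect = (ts, disconnect["port"])
            continue
        lockup = LOCKUP.search(msg)
        if lockup and last_disconnect and 0 <= ts - last_disconnect[0] <= window:
            hits.append({
                "port": last_disconnect[1],
                "cpu": int(lockup["cpu"]),
                "stuck_seconds": int(lockup["secs"]),
                "delay": round(ts - last_disconnect[0], 2),
            })
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```

A hit only shows that the two events occurred close together; confirm the us122l driver was bound to the disconnected device before attributing the lockup to this CVE.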
🔗 References
- https://git.kernel.org/stable/c/020cbc4d7414f0962004213e2b7bc5cc607e9ec7
- https://git.kernel.org/stable/c/2938dd2648522336133c151dd67bb9bf01cbd390
- https://git.kernel.org/stable/c/75f418b249d84021865eaa59515d3ed9b75ce4d6
- https://git.kernel.org/stable/c/9a48bd2184b142c92a4e17eac074c61fcf975bc9
- https://git.kernel.org/stable/c/9b27924dc8d7f8a8c35e521287d4ccb9a006e597
- https://git.kernel.org/stable/c/9d5c530e4d70f64b1114f2cc29ac690ba7ac4a38
- https://git.kernel.org/stable/c/b7df09bb348016943f56b09dcaafe221e3f73947
- https://git.kernel.org/stable/c/bc778ad3e495333eebda36fe91d5b2c93109cc16
- https://git.kernel.org/stable/c/bf0aa35a7cb8602cccf2387712114e836f65c154
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html