Linux Kernel ALSA Timer Mutex Deadlock Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ALSA timer code could lead to deadlocks due to improper mutex handling. The issue arises from the 'register_mutex' being held during 'copy_from/to_user()' operations, a pattern that was inadvertently introduced and had previously been carefully managed. This vulnerability has been addressed by relocating the 'copy_from/to_user()' calls out of the 'register_mutex' lock.

Impact

The vulnerability could cause deadlocks, disrupting normal operation by causing processes to hang indefinitely while waiting for resources to become available.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ALSA Timer Mutex Deadlock Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating