CVE-2024-56532 in Linux
Summary
by MITRE • 12/27/2024
In the Linux kernel, the following vulnerability has been resolved:
ALSA: us122l: Use snd_card_free_when_closed() at disconnection
The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.
An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close.
The loop of us122l->mmap_count check is dropped as well. The check is useless for the asynchronous operation with *_when_closed().
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 12/15/2025
The vulnerability identified as CVE-2024-56532 resides within the Linux kernel's Advanced Linux Sound Architecture implementation, specifically affecting the us122l driver used for USB audio devices. This issue represents a critical timing and resource management flaw that can lead to system instability and potential denial of service conditions. The vulnerability stems from improper handling of device disconnection sequences within the USB audio subsystem, creating a scenario where kernel operations become unresponsive and can trigger system-wide lockups.
The technical flaw manifests in the USB disconnect callback implementation where the code incorrectly employs snd_card_free() function during device disconnection events. This function exhibits synchronous behavior that waits for all file descriptors associated with the sound card to be closed before proceeding with resource cleanup. The problematic implementation creates a significant delay during the disconnection process, as the function can block for extended periods while waiting for active file descriptor closures. This synchronous waiting pattern directly contradicts the expected behavior of USB disconnect callbacks which must remain brief and non-blocking to maintain system responsiveness.
The operational impact of this vulnerability extends beyond simple performance degradation to potentially cause system lockups and soft lockup conditions. When the USB disconnect callback blocks due to the synchronous snd_card_free() implementation, it prevents upper-layer USB ioctls from processing properly, creating a cascade of system-wide delays. The blocking nature of the operation can eventually lead to soft lockup scenarios where the kernel becomes unresponsive to further input processing. This behavior particularly affects systems with multiple concurrent audio operations or those experiencing frequent device connection/disconnection cycles.
The recommended mitigation involves replacing the problematic snd_card_free() call with snd_card_free_when_closed(), which provides asynchronous resource cleanup functionality. This alternative implementation returns immediately to the calling process while deferring the actual resource release operations to occur asynchronously during the final close operation of the sound card. This approach aligns with proper kernel design principles for resource management in interrupt contexts and prevents the blocking behavior that causes the vulnerability. The fix also removes the unnecessary mmap_count loop check that was previously present, as this validation becomes redundant when using the asynchronous cleanup mechanism.
This vulnerability demonstrates characteristics consistent with CWE-667, which addresses improper lock handling in concurrent systems, and aligns with ATT&CK technique T1499.001 for resource hijacking through improper system resource management. The issue highlights the importance of proper asynchronous programming patterns in kernel space operations, particularly when dealing with device disconnect events that must maintain system responsiveness. The fix exemplifies proper kernel development practices by ensuring that interrupt context handlers and disconnect callbacks maintain minimal execution time while still guaranteeing proper resource cleanup through asynchronous mechanisms.