{"id":"CVE-2024-57893","summary":"ALSA: seq: oss: Fix races at processing SysEx messages","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: oss: Fix races at processing SysEx messages\n\nOSS sequencer handles the SysEx messages split in 6 bytes packets, and\nALSA sequencer OSS layer tries to combine those.  It stores the data\nin the internal buffer and this access is racy as of now, which may\nlead to the out-of-bounds access.\n\nAs a temporary band-aid fix, introduce a mutex for serializing the\nprocess of the SysEx message packets.","modified":"2026-04-02T12:25:17.223825Z","published":"2025-01-15T13:05:45.550Z","related":["MGASA-2025-0030","MGASA-2025-0032","SUSE-SU-2025:0236-1","SUSE-SU-2025:02387-1","SUSE-SU-2025:02388-1","SUSE-SU-2025:02389-1","SUSE-SU-2025:02390-1","SUSE-SU-2025:02391-1","SUSE-SU-2025:02392-1","SUSE-SU-2025:02396-1","SUSE-SU-2025:02398-1","SUSE-SU-2025:02399-1","SUSE-SU-2025:02400-1","SUSE-SU-2025:02401-1","SUSE-SU-2025:02403-1","SUSE-SU-2025:02410-1","SUSE-SU-2025:02411-1","SUSE-SU-2025:02412-1","SUSE-SU-2025:02415-1","SUSE-SU-2025:02416-1","SUSE-SU-2025:02419-1","SUSE-SU-2025:02420-1","SUSE-SU-2025:02422-1","SUSE-SU-2025:02428-1","SUSE-SU-2025:02433-1","SUSE-SU-2025:02434-1","SUSE-SU-2025:02436-1","SUSE-SU-2025:02437-1","SUSE-SU-2025:02440-1","SUSE-SU-2025:02445-1","SUSE-SU-2025:02446-1","SUSE-SU-2025:02449-1","SUSE-SU-2025:02454-1","SUSE-SU-2025:02455-1","SUSE-SU-2025:02459-1","SUSE-SU-2025:02507-1","SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0555-1","SUSE-SU-2025:0556-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:0576-1","SUSE-SU-2025:0577-1","SUSE-SU-2025:0577-2","SUSE-SU-2025:0603-1","SUSE-SU-2025:0771-1","SUSE-SU-2025:0867-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","SUSE-SU-2025:20517-1","SUSE-SU-2025:20518-1","SUSE-SU-2025:20519-1","SUSE-SU-2025:20525-1","SUSE-SU-2025:20526-1","SUSE-SU-2025:20527-1","SUSE-SU-2025:20540-1","SUSE-SU-2025:20541-1","SUSE-SU-2025:20544-1","SUSE-SU-2025:20545-1","SUSE-SU-2025:4123-1","USN-7379-2","USN-7380-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57893.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0179488ca992d79908b8e26b9213f1554fc5bacc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9d382112b36382aa65aad765f189ebde9926c101"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d2392b79d8af3714ea8878b71c66dc49d3110f44"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57893.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57893"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"cff1de87ed14fc0f2332213d2367100e7ad0753a"},{"fixed":"d2392b79d8af3714ea8878b71c66dc49d3110f44"},{"fixed":"9d382112b36382aa65aad765f189ebde9926c101"},{"fixed":"0179488ca992d79908b8e26b9213f1554fc5bacc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57893.json"}}],"schema_version":"1.7.5"}