CVE-2024-24861: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was discovered in the Linux kernel's media/xc4000 device driver, specifically in the xc4000_get_frequency() function. The vulnerability was assigned CVE-2024-24861 and was first reported on February 1, 2024, by Bai Jiaju from the School of Cyberspace Security at Beihang University. The vulnerability affects Linux kernel versions up to 3.0.101 and from version 6.0 up to 6.7.2 (NVD).

The vulnerability stems from a race condition in the xc4000_get_frequency() function where frequency values are read through '*freq = priv->freq_hz + priv->freq_offset' without holding any locks. During this read operation, priv->freq_hz and priv->freq_offset can be concurrently updated by xc4000_set_params, potentially resulting in mismatched values and return value overflow issues. The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) by NIST with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H (OpenAnolis).

The vulnerability affects media devices using xc4000 as a tuner. When exploited, it can cause the return of incorrect frequency values, affecting related ioctl operations. In devices like em28xx that rely on reading frequency to set new frequencies, it can lead to setting illegal frequency values, causing device malfunctions. This can ultimately result in denial of service conditions (OpenAnolis).

A fix has been developed that implements proper locking mechanisms in the xc4000_get_frequency function. The solution involves holding the priv->lock mutex lock when reading priv->freq_hz and priv->freq_offset to prevent concurrent updates from xc4000_set_params. The patch has been queued in linux-next and is available in various distribution updates including Ubuntu and Debian (OpenAnolis, Ubuntu).