CVE-2024-26654: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26654 is a Use-After-Free (UAF) vulnerability discovered in the Linux kernel's ALSA SH AICA sound driver. The vulnerability was disclosed on April 1, 2024, affecting Linux kernel versions from 2.6.23 up to versions prior to 4.19.312, 5.4.274, 5.10.215, 5.15.154, 6.1.84, 6.6.24, 6.7.12, and 6.8.3 (NVD).

The vulnerability occurs due to a race condition in the ALSA SH AICA sound driver where dreamcastcard->timer could schedule spudmawork and spudmawork could arm dreamcastcard->timer. When sndpcmsubstream is closing, aicachannel gets deallocated but could still be dereferenced in the worker thread. This happens because deltimer() returns directly regardless of whether the timer handler is running, allowing the worker to be rescheduled in the timer handler. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (High) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a Use-After-Free condition, potentially allowing an attacker to cause a system crash or execute arbitrary code with elevated privileges (NVD).

The vulnerability has been fixed by implementing PCM syncstop operation to cancel both the timer and worker, and by calling modtimer() conditionally in runspudma(). The fix has been incorporated into various Linux kernel versions through patches (Kernel Patch).