CVE-2024-27057 is a vulnerability identified in the Linux kernel's Audio Subsystem, specifically within the Sound Open Firmware (SOF) IPC4 PCM driver. The issue arises during system suspend operations when audio streams are active. Normally, the sof_ipc4_pcm_hw_free() function is called to reset audio pipelines because the Digital Signal Processor (DSP) powering audio is turned off during suspend, and streams must be restarted upon resume. However, if the firmware crashes while audio is running or during the reset before suspend, the sof_ipc4_set_multi_pipeline_state() call fails with an IPC error, interrupting the state change. This failure causes a misalignment between the kernel and firmware states on the next DSP boot, leading to errors in firmware IPC message handling and ultimately causing audio resume failures. The kernel attempts to correct this state mismatch on subsequent DSP boots by ignoring errors on stream close, but this means the audio subsystem may not function correctly immediately after a crash-induced suspend. The vulnerability is rooted in the handling of forced pipeline resets and error states during suspend/resume cycles in the SOF IPC4 PCM driver. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The patch or workaround involves treating forced pipeline resets similarly to pcm_free operations by ignoring errors on state sending, ensuring kernel and firmware states remain consistent after DSP reboot.

For European organizations, this vulnerability primarily impacts systems running Linux kernels with the SOF IPC4 PCM audio driver, which is common in modern laptops, desktops, and embedded devices using Intel or AMD platforms with SOF-enabled audio DSPs. The vulnerability can cause audio subsystem failures after system suspend/resume cycles, leading to degraded user experience, potential disruption of audio-dependent applications (e.g., VoIP, conferencing, multimedia), and increased support costs. While it does not directly lead to remote code execution or privilege escalation, the instability in audio services could affect critical communication tools, especially in remote work environments prevalent in Europe. Additionally, organizations relying on Linux-based embedded systems for industrial or IoT applications with audio components might experience operational disruptions. The absence of known exploits reduces immediate risk, but the issue could be exploited in targeted attacks to cause denial of service or disrupt user productivity.

Organizations should promptly apply Linux kernel updates that include the fix for CVE-2024-27057 once available from their distribution vendors or upstream Linux kernel sources. For environments where immediate patching is not feasible, consider disabling suspend/resume cycles or audio DSP features temporarily to avoid triggering the vulnerability. Monitoring system logs for IPC errors related to SOF IPC4 PCM and DSP crashes can help detect occurrences of this issue. Additionally, testing suspend/resume workflows in controlled environments before deployment can identify affected systems. For embedded or custom Linux builds, ensure that the SOF firmware and kernel drivers are updated in tandem to maintain compatibility and stability. Engaging with hardware vendors for firmware updates and guidance on SOF components is also recommended. Finally, maintain robust backup and recovery procedures to mitigate any operational impact from audio subsystem failures.