libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs

See kodi issue with stack traces: https://github.com/xbmc/xbmc/issues/16258

I'm marking this a security bug, since all double close bugs can potentially be security bugs in multithreaded programs depending on the close interleaving.

The attachment "Set-fSocket-to--1-after-close-on-an-error-to-prevent-a-double-close.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Unsubscribing the Sponsors Team as there is no debdiff to sponsor. Poked the Security Team.

From a security point of view, it is best if this issue is fixed not just in Ubuntu but other distributions - and the best way to ensure that is to get a CVE assigned for it. Has a CVE been applied for for this issue? If not, could you please submit one to MITRE and when one is assigned please report it back here https://cveform.mitre.org/ - if one has already been assigned please post the CVE number here.

I just requested one and received: CVE-2019-13351

jackd2 released version 1.9.13 which includes this fix.

Hi,

I am experiencing the same issue with Kodi 18.5 and Xubuntu 19.10 with similar stack traces to joe-yasi. Is there anyway to install the updated package via Ubuntu updates?

Can this package get updated to 1.9.13, or at least patched in time for
20.04? The security exploitability of this bug may be low, but the impact
on affected users is high. It causes hard to debug, random crashes of other
programs (e g. Kodi) that are scanning ALSA devices when the jack daemon
isn't even started.

On Wed, Nov 20, 2019, 10:40 PM Teeedubb <email address hidden> wrote:

> Hi,
>
> I am experiencing the same issue with Kodi 18.5 and Xubuntu 19.10 with
> similar stack traces to joe-yasi. Is there anyway to install the updated
> package via Ubuntu updates?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1833479
>
> Title:
> libjack-jackd2-0 double close on a failure to connect to jackd which
> causes crashes in multithreaded programs
>
> Status in jackd2 package in Ubuntu:
> Confirmed
> Status in jackd2 package in Debian:
> Confirmed
>
> Bug description:
> After upgrading to Ubuntu 19.04, I started experiencing sporadic
> crashes in kodi when turning my AV receiver on. Ubuntu 19.04 upgraded
> alsa-plugins to 1.1.8. For alsa-plugins >= 1.1.7, the ALSA jack plugin
> is enabled by default in /etc/alsa/conf.d/50-jack.conf.
>
> The crashes are caused by a race condition when kodi's audio engine
> thread is enumerating the ALSA sound devices, and the udev thread is
> enumerating the udev devices triggered by the sound device add from
> turning the AVR on.
>
> When enumerating the ALSA jack plugin device, it tries to connect to
> connect to jackd. Since I don't have jackd installed, it fails to
> connect. libjack closes the socket on error, and then closes it again
> in it's cleanup code. Since it's closing the same file descriptor
> twice, it interacts with other threads that have potentially opened
> file descriptors, and causes the crash.
>
> This same bug could potentially affect other multi-threaded programs
> that enumerate ALSA devices.
>
> Fix committed upstream:
>
> https://github.com/jackaudio/jack2/commit/dad4b5702782eef3bd66e3c3f4fefaaae3571208
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/jackd2/+bug/1833479/+subscriptions
>

I'm marking this as also affects alsa-plugins since that is shipping a jack plugin by default, and this bug is triggered when jack isn't even running. Programs that scan for ALSA devices pick up that jack plugin and trigger the double close.

Is this going to make it for focal? This bug causes kodi to crash when turning my TV screen off.

I currently have the package patched in my PPA to resolve the bug. It is a difficult to debug problem that has been sending users upstream to kodi with bug reports and confusing stack traces. This will get more exposure when focal is released due to the LTS status.

This bug was fixed in the package jackd2 - 1.9.12~dfsg-2ubuntu2

---------------
jackd2 (1.9.12~dfsg-2ubuntu2) focal; urgency=medium

  * debian/patches/CVE-2019-13351.patch:
    - Set fSocket to -1 after close on an error to prevent a double close,
      fix CVE-2019-13351 (lp: #1833479)

 -- Sebastien Bacher <email address hidden> Thu, 16 Apr 2020 10:21:43 +0200