5.5

CVE-2024-27436

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

If a usb audio device sets more bits than the amount of channels
it could write outside of the map array.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.8 < 4.19.311
LinuxLinux Kernel Version >= 4.20 < 5.4.273
LinuxLinux Kernel Version >= 5.5 < 5.10.214
LinuxLinux Kernel Version >= 5.11 < 5.15.153
LinuxLinux Kernel Version >= 5.16 < 6.1.83
LinuxLinux Kernel Version >= 6.2 < 6.6.23
LinuxLinux Kernel Version >= 6.7 < 6.7.11
LinuxLinux Kernel Version >= 6.8 < 6.8.2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.451
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72
Patch
https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827
Patch
https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6
Patch
https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a
Patch
https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d
Patch
https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f
Patch
https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064
Patch
https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7
Patch
https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html