CVE-2024-27436

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

If a usb audio device sets more bits than the amount of channels it could write outside of the map array.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 7e2c1b0f6dd9abde9e60f0f9730026714468770faffected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 6d5dc96b154be371df0d62ecb07efe400701ed8aaffected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 5cd466673b34bac369334f66cbe14bb77b7d7827affected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 9af1658ba293458ca6a13f70637b9654fa4be064affected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 629af0d5fe94a35f498ba2c3f19bd78bfa591be6affected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 22cad1b841a63635a38273b799b4791f202ade72affected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < c8a24fd281dcdf3c926413dafbafcf35cde517a9affected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < 6d88b289fb0a8d055cb79d1c46a56aba7809d96daffected
LinuxLinux04324ccc75f96b3ed7aad1c866d1b7925e977bdf < a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7affected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux4.19.311 <= 4.19.*unaffected
LinuxLinux5.4.273 <= 5.4.*unaffected
LinuxLinux5.10.214 <= 5.10.*unaffected
LinuxLinux5.15.153 <= 5.15.*unaffected
LinuxLinux6.1.83 <= 6.1.*unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References