CVE-2024-27436
Vulnerability from cvelistv5
Published
2024-05-17 12:12
Modified
2024-11-07 20:20
Summary
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:45:09.433584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T20:20:17.657Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7e2c1b0f6dd9",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "6d5dc96b154b",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "5cd466673b34",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "9af1658ba293",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "629af0d5fe94",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "22cad1b841a6",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "c8a24fd281dc",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "6d88b289fb0a",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            },
            {
              "lessThan": "a39d51ff1f52",
              "status": "affected",
              "version": "04324ccc75f9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/stream.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.311",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:22:00.235Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"
        },
        {
          "url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"
        },
        {
          "url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"
        },
        {
          "url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"
        }
      ],
      "title": "ALSA: usb-audio: Stop parsing channels bits when all channels are found.",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27436",
    "datePublished": "2024-05-17T12:12:40.017Z",
    "dateReserved": "2024-02-25T13:47:42.687Z",
    "dateUpdated": "2024-11-07T20:20:17.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27436\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-17T13:15:58.147\",\"lastModified\":\"2024-11-07T21:35:07.917\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\\n\\nIf a usb audio device sets more bits than the amount of channels\\nit could write outside of the map array.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece m\u00e1s bits que la cantidad de canales, podr\u00eda escribir fuera de la matriz del mapa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.