CVE-2024-27436

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 1.48% Top 25%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f
https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a
https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827
https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064
https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6
https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72
https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9
https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d
https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Frequently Asked Questions

What is the severity of CVE-2024-27436?
CVE-2024-27436 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27436?
To fix CVE-2024-27436, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27436 being actively exploited in the wild?
It is possible that CVE-2024-27436 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27436?
CVE-2024-27436 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.