CVE-2024-27436
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.
INFO
Published Date :
May 17, 2024, 1:15 p.m.
Last Modified :
Nov. 21, 2024, 9:04 a.m.
Remotely Exploit :
Yes !
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
Solution
- Update the affected kernel packages.
- Update all affected Linux packages.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-27436.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-27436 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-27436
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-27436 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-27436 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72 Added Reference https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827 Added Reference https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6 Added Reference https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a Added Reference https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d Added Reference https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f Added Reference https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064 Added Reference https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7 Added Reference https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9 Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Added Reference https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 07, 2024
Action Type Old Value New Value Added CWE CISA-ADP CWE-787 Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 05, 2024
Action Type Old Value New Value Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 27, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jun. 25, 2024
Action Type Old Value New Value Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html [No types assigned] -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 29, 2024
Action Type Old Value New Value -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 17, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. Added Reference kernel.org https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7 [No types assigned]