Home

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store. Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a negative or out-of-range channel number, the driver may write past the end of these arrays. Introduce a local channel variable and validate it before updating the arrays. We reject negative indices, limit meter_level[] and comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[] updates with ARRAY_SIZE(master_level).

PUBLISHED Reserved 2025-12-24 | Published 2026-01-13 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before 53461710a95e15ac1f6542450943a492ecf8e550
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before 2168866396bd28ec4f3c8da0fbc7d08b5bd4f053
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before cde47f4ccad6751ac36b7471572ddf38ee91870c
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before 2f21a7cbaaa93926f5be15bc095b9c57c35748d9
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before a8ad320efb663be30b794e3dd3e829301c0d0ed3
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before eaa95228b8a56c4880a182c0350d67922b22408f
affected

d2bb390a2081a36ffe906724d2848d846f2aeb29 (git) before 5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e
affected

Default status
affected

4.11
affected

Any version before 4.11
unaffected

5.10.248 (semver)
unaffected

5.15.198 (semver)
unaffected

6.1.160 (semver)
unaffected

6.6.120 (semver)
unaffected

6.12.64 (semver)
unaffected

6.18.3 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/53461710a95e15ac1f6542450943a492ecf8e550

git.kernel.org/...c/2168866396bd28ec4f3c8da0fbc7d08b5bd4f053

git.kernel.org/...c/cde47f4ccad6751ac36b7471572ddf38ee91870c

git.kernel.org/...c/2f21a7cbaaa93926f5be15bc095b9c57c35748d9

git.kernel.org/...c/a8ad320efb663be30b794e3dd3e829301c0d0ed3

git.kernel.org/...c/eaa95228b8a56c4880a182c0350d67922b22408f

git.kernel.org/...c/5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e

cve.org (CVE-2025-68783)

nvd.nist.gov (CVE-2025-68783)

Download JSON