Bug 2333971 (CVE-2024-53150) - CVE-2024-53150 kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources
Summary: CVE-2024-53150 kernel: ALSA: usb-audio: Fix out of bounds reads when finding ...
Keywords:
Status: NEW
Alias: CVE-2024-53150
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-12-24 12:01 UTC by OSIDB Bzimport
Modified: 2025-05-08 19:55 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:3914 0 None None None 2025-04-15 16:03:30 UTC
Red Hat Product Errata RHBA-2025:3941 0 None None None 2025-04-16 07:57:25 UTC
Red Hat Product Errata RHBA-2025:4041 0 None None None 2025-04-21 22:11:10 UTC
Red Hat Product Errata RHBA-2025:4697 0 None None None 2025-05-07 22:48:50 UTC
Red Hat Product Errata RHSA-2025:3827 0 None None None 2025-04-14 01:21:01 UTC
Red Hat Product Errata RHSA-2025:3832 0 None None None 2025-04-14 08:06:11 UTC
Red Hat Product Errata RHSA-2025:3838 0 None None None 2025-04-14 10:49:35 UTC
Red Hat Product Errata RHSA-2025:3839 0 None None None 2025-04-14 10:49:24 UTC
Red Hat Product Errata RHSA-2025:3861 0 None None None 2025-04-14 15:11:31 UTC
Red Hat Product Errata RHSA-2025:3871 0 None None None 2025-04-15 01:33:52 UTC
Red Hat Product Errata RHSA-2025:3880 0 None None None 2025-04-15 02:03:16 UTC
Red Hat Product Errata RHSA-2025:3887 0 None None None 2025-04-15 09:08:49 UTC
Red Hat Product Errata RHSA-2025:3888 0 None None None 2025-04-15 09:09:10 UTC
Red Hat Product Errata RHSA-2025:3889 0 None None None 2025-04-15 09:09:01 UTC
Red Hat Product Errata RHSA-2025:3893 0 None None None 2025-04-15 09:50:02 UTC
Red Hat Product Errata RHSA-2025:3894 0 None None None 2025-04-15 09:46:50 UTC
Red Hat Product Errata RHSA-2025:3901 0 None None None 2025-04-15 11:38:48 UTC
Red Hat Product Errata RHSA-2025:3903 0 None None None 2025-04-15 11:52:22 UTC
Red Hat Product Errata RHSA-2025:3931 0 None None None 2025-04-15 20:43:09 UTC
Red Hat Product Errata RHSA-2025:3935 0 None None None 2025-04-16 03:11:42 UTC
Red Hat Product Errata RHSA-2025:3937 0 None None None 2025-04-16 07:00:53 UTC
Red Hat Product Errata RHSA-2025:4012 0 None None None 2025-04-23 12:41:51 UTC
Red Hat Product Errata RHSA-2025:4019 0 None None None 2025-04-22 23:52:22 UTC
Red Hat Product Errata RHSA-2025:4177 0 None None None 2025-04-30 07:12:10 UTC
Red Hat Product Errata RHSA-2025:4409 0 None None None 2025-05-08 19:54:53 UTC
Red Hat Product Errata RHSA-2025:4422 0 None None None 2025-05-08 19:55:45 UTC

Description OSIDB Bzimport 2024-12-24 12:01:27 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors.  That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.

For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal.  When the descriptor
length is shorter than expected, it's skipped in the loop.

For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.
Comment 1 Mauro Matteo Cascella 2024-12-24 14:16:17 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024122427-CVE-2024-53150-3a7d@gregkh/T
Comment 2 Robb Gatica 2025-04-09 20:22:01 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024122427-CVE-2024-53150-3a7d@gregkh/T
Comment 3 Klaas Demter 2025-04-10 11:11:10 UTC 
This has been added to the CISAs "Known Exploited Vulnerabilities" list. Any plans to address this in supported RHELs?
https://www.cisa.gov/news-events/alerts/2025/04/09/cisa-adds-two-known-exploited-vulnerabilities-catalog
Comment 4 errata-xmlrpc 2025-04-14 01:20:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:3827 https://access.redhat.com/errata/RHSA-2025:3827
Comment 5 errata-xmlrpc 2025-04-14 08:06:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:3832 https://access.redhat.com/errata/RHSA-2025:3832
Comment 6 errata-xmlrpc 2025-04-14 10:49:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:3839 https://access.redhat.com/errata/RHSA-2025:3839
Comment 7 errata-xmlrpc 2025-04-14 10:49:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:3838 https://access.redhat.com/errata/RHSA-2025:3838
Comment 8 errata-xmlrpc 2025-04-14 15:11:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:3861 https://access.redhat.com/errata/RHSA-2025:3861
Comment 9 errata-xmlrpc 2025-04-15 01:33:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2025:3871 https://access.redhat.com/errata/RHSA-2025:3871
Comment 10 errata-xmlrpc 2025-04-15 02:03:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:3880 https://access.redhat.com/errata/RHSA-2025:3880
Comment 11 errata-xmlrpc 2025-04-15 09:08:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:3887 https://access.redhat.com/errata/RHSA-2025:3887
Comment 12 errata-xmlrpc 2025-04-15 09:09:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3889 https://access.redhat.com/errata/RHSA-2025:3889
Comment 13 errata-xmlrpc 2025-04-15 09:09:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:3888 https://access.redhat.com/errata/RHSA-2025:3888
Comment 14 errata-xmlrpc 2025-04-15 09:46:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3894 https://access.redhat.com/errata/RHSA-2025:3894
Comment 15 errata-xmlrpc 2025-04-15 09:50:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:3893 https://access.redhat.com/errata/RHSA-2025:3893
Comment 16 errata-xmlrpc 2025-04-15 11:38:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:3901 https://access.redhat.com/errata/RHSA-2025:3901
Comment 17 errata-xmlrpc 2025-04-15 11:52:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2025:3903 https://access.redhat.com/errata/RHSA-2025:3903
Comment 18 errata-xmlrpc 2025-04-15 20:43:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2025:3931 https://access.redhat.com/errata/RHSA-2025:3931
Comment 19 errata-xmlrpc 2025-04-16 03:11:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:3935 https://access.redhat.com/errata/RHSA-2025:3935
Comment 20 errata-xmlrpc 2025-04-16 07:00:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:3937 https://access.redhat.com/errata/RHSA-2025:3937
Comment 21 errata-xmlrpc 2025-04-22 23:52:20 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:4019 https://access.redhat.com/errata/RHSA-2025:4019
Comment 22 errata-xmlrpc 2025-04-23 12:41:49 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:4012 https://access.redhat.com/errata/RHSA-2025:4012
Comment 23 errata-xmlrpc 2025-04-30 07:12:07 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2025:4177 https://access.redhat.com/errata/RHSA-2025:4177
Comment 25 errata-xmlrpc 2025-05-08 19:54:51 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2025:4409 https://access.redhat.com/errata/RHSA-2025:4409
Comment 26 errata-xmlrpc 2025-05-08 19:55:43 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2025:4422 https://access.redhat.com/errata/RHSA-2025:4422
Note You need to log in before you can comment on or make changes to this bug.