Bug 2429024 (CVE-2025-68783) - CVE-2025-68783 kernel: ALSA: usb-mixer: us16x08: validate meter packet indices
Summary: CVE-2025-68783 kernel: ALSA: usb-mixer: us16x08: validate meter packet indices
Keywords:
Status: NEW
Alias: CVE-2025-68783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-01-13 16:01 UTC by OSIDB Bzimport
Modified: 2026-01-15 04:50 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-01-13 16:01:23 UTC
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-mixer: us16x08: validate meter packet indices

get_meter_levels_from_urb() parses the 64-byte meter packets sent by
the device and fills the per-channel arrays meter_level[],
comp_level[] and master_level[] in struct snd_us16x08_meter_store.

Currently the function derives the channel index directly from the
meter packet (MUB2(meter_urb, s) - 1) and uses it to index those
arrays without validating the range. If the packet contains a
negative or out-of-range channel number, the driver may write past
the end of these arrays.

Introduce a local channel variable and validate it before updating the
arrays. We reject negative indices, limit meter_level[] and
comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[]
updates with ARRAY_SIZE(master_level).
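
A user-space model of the index validation described above, added here as an example; it is not the kernel driver's code or the upstream patch. The record layout (kind byte, 1-based channel byte, 16-bit level), the KIND_* values, the array sizes and the names meter_store_model, store_record, parse_packet and sample_pkt are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Array sizes and the record layout are assumptions made for this model. */
#define SND_US16X08_MAX_CHANNELS 16
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define PKT_LEN 64u                      /* meter packet size stated on the page */
#define REC_LEN 4u                       /* hypothetical record size */
enum { KIND_METER = 1, KIND_COMP = 2, KIND_MASTER = 3 };

struct meter_store_model {               /* stand-in for snd_us16x08_meter_store */
	int meter_level[SND_US16X08_MAX_CHANNELS];
	int comp_level[SND_US16X08_MAX_CHANNELS];
	int master_level[2];
};

/* Hypothetical record: [0] kind, [1] 1-based channel, [2..3] level (little endian).
 * Returns 1 if the level was stored, 0 if the record was rejected. */
static int store_record(struct meter_store_model *st, const uint8_t *pkt, size_t off)
{
	int channel, val, *dst;
	size_t limit;

	if (off > PKT_LEN - REC_LEN)         /* record must lie inside the packet */
		return 0;
	channel = (int)pkt[off + 1] - 1;     /* device-controlled; a 0 byte gives -1 */
	val = pkt[off + 2] | (pkt[off + 3] << 8);
	switch (pkt[off]) {
	case KIND_METER:  dst = st->meter_level;  limit = SND_US16X08_MAX_CHANNELS; break;
	case KIND_COMP:   dst = st->comp_level;   limit = SND_US16X08_MAX_CHANNELS; break;
	case KIND_MASTER: dst = st->master_level; limit = ARRAY_SIZE(st->master_level); break;
	default:          return 0;          /* unknown record kind */
	}
	if (channel < 0 || (size_t)channel >= limit)
		return 0;                        /* reject before any array write */
	dst[channel] = val;
	return 1;
}

/* Walks one packet and returns how many records were accepted. */
static int parse_packet(struct meter_store_model *st, const uint8_t pkt[PKT_LEN])
{
	int accepted = 0;
	for (size_t off = 0; off + REC_LEN <= PKT_LEN; off += REC_LEN)
		accepted += store_record(st, pkt, off);
	return accepted;
}

/* Constructed packet: meter ch 1 (valid), meter ch 0, comp ch 17, master ch 3. */
static const uint8_t sample_pkt[PKT_LEN] = { 1,1,0x34,0x12, 1,0,9,9, 2,17,9,9, 3,3,9,9 };
```

Only the first record of the constructed packet is stored; the other three carry a channel byte that maps to index -1 or past the end of the target array and are dropped without touching the store.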

