In the Linux kernel, the following vulnerability has been resolved:

ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()

The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around.

This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are requested, the more likely it is for this to occur.

This was initially discovered using PipeWire, however it can be reproduced by calling aplay multiple times with 16 channels:

    aplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero

    UBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40
    index 65 is out of range for type 'snd_emu10k1_voice [64]'
    CPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7
    Hardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010
    Call Trace:

No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds
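
The indexing error in the description above, modelled as an added example (not the kernel's code or the upstream patch). `struct voice`, `index_linear`, `index_wrapped`, `count_oob` and `claim_voices` are hypothetical names, and the starting index 50 is constructed so that the last linear index is 65, as in the UBSAN line.

```c
#include <stdio.h>
#include <stddef.h>

#define NUM_G 64  /* size of the voice array, from the description */

struct voice { int in_use; };   /* hypothetical stand-in for snd_emu10k1_voice */
static struct voice voices[NUM_G];

/* Index arithmetic as the description states the bug: assumes no wrap-around. */
static size_t index_linear(size_t first_voice, size_t i)
{
    return first_voice + i;
}

/* Index arithmetic that follows the allocator when it wraps past the end. */
static size_t index_wrapped(size_t first_voice, size_t i)
{
    return (first_voice + i) % NUM_G;
}

/* Count how many of `count` accesses would land outside voices[]. */
static size_t count_oob(size_t first_voice, size_t count,
                        size_t (*index_of)(size_t, size_t))
{
    size_t oob = 0;
    for (size_t i = 0; i < count; i++)
        if (index_of(first_voice, i) >= NUM_G)
            oob++;
    return oob;
}

/* Mark voices through the wrapped index; -1 rejects an invalid request. */
static int claim_voices(size_t first_voice, size_t count)
{
    if (first_voice >= NUM_G || count > NUM_G)
        return -1;
    for (size_t i = 0; i < count; i++)
        voices[index_wrapped(first_voice, i)].in_use = 1;
    return 0;
}

int main(void)
{
    /* Constructed case: 16 voices starting at index 50 (50 + 16 > NUM_G). */
    printf("linear oob:  %zu\n", count_oob(50, 16, index_linear));
    printf("wrapped oob: %zu\n", count_oob(50, 16, index_wrapped));
    return claim_voices(50, 16);
}
```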