Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +3 more
A vulnerability in the Linux kernel's ALSA firewire-lib component has been addressed. The issue involved an uninitialized flag for AV/C deferred transactions, which could lead to undefined behavior. The vulnerability was identified by the Undefined Behavior Sanitizer (UBSAN) as an invalid load of a boolean value. This problem arose because the 'deferrable' flag could remain uninitialized for non-control/notify AV/C transactions, potentially causing issues with AV/C responses that use INTERIM status, although such responses are not applicable to the affected transactions.
Exploitation of this vulnerability could lead to undefined behavior in the kernel, as indicated by the UBSAN report of an invalid load operation.
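The bug class described above, as an added C example that is not the kernel's code: a flag written only on the control/notify path, next to a form that assigns it on every path. The names `struct txn`, `txn_init_before`, `txn_init_after` and `flag_byte_after_init` are hypothetical, the `0xAA` fill is a constructed stand-in for stale stack contents, and comparing the first command byte against the AV/C ctype codes is an assumption about how the transaction type is checked.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* AV/C ctype codes; only CONTROL and NOTIFY can be answered with INTERIM. */
#define AVC_CTYPE_CONTROL 0x00
#define AVC_CTYPE_STATUS  0x01
#define AVC_CTYPE_NOTIFY  0x03

/* Hypothetical stand-in for a transaction record, not the kernel's struct. */
struct txn {
    const unsigned char *cmd;
    bool deferrable;
};

/* Before: the flag is written only for control/notify commands. */
static void txn_init_before(struct txn *t, const unsigned char *cmd)
{
    t->cmd = cmd;
    if (cmd[0] == AVC_CTYPE_CONTROL || cmd[0] == AVC_CTYPE_NOTIFY)
        t->deferrable = true;
}

/* After: the flag is assigned on every path, so it is always 0 or 1. */
static void txn_init_after(struct txn *t, const unsigned char *cmd)
{
    t->cmd = cmd;
    t->deferrable = (cmd[0] == AVC_CTYPE_CONTROL || cmd[0] == AVC_CTYPE_NOTIFY);
}

/* Poison the record with 0xAA, initialise it, and return the flag's raw byte.
 * The byte is copied out with memcpy, so no invalid bool is ever loaded. */
static unsigned char flag_byte_after_init(int fixed, unsigned char ctype)
{
    unsigned char cmd[8] = { ctype, 0xff, 0x00 }; /* constructed AV/C frame */
    struct txn t;
    unsigned char raw;
    memset(&t, 0xAA, sizeof(t));
    (fixed ? txn_init_after : txn_init_before)(&t, cmd);
    memcpy(&raw, &t.deferrable, sizeof(raw));
    return raw;
}

int main(void)
{
    printf("STATUS command: before=0x%02x after=0x%02x\n",
           flag_byte_after_init(0, AVC_CTYPE_STATUS),
           flag_byte_after_init(1, AVC_CTYPE_STATUS));
    return 0;
}
```

A byte other than 0 or 1 in the `before` case is what UBSAN reports as an invalid load once the field is read as a boolean.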