Linux Kernel ALSA OSS PCM Buffer Allocation Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Advanced Linux Sound Architecture (ALSA) Open Sound System (OSS) layer has been identified, related to improper buffer allocation for Pulse Code Modulation (PCM) data. This issue arises when the PCM OSS layer creates a temporary buffer for data conversion, which can unexpectedly exceed the maximum integer value, leading to an overflow. The vulnerability has been addressed by introducing a 1MB upper limit on buffer sizes, ensuring that temporary allocations remain within a manageable range.
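The size check described above, as an added illustration in C that is not the kernel's own code. The helper names and the frames/channels/sample-width inputs are assumptions; only the 1MB cap comes from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cap from the fix described above: 1MB per temporary buffer. */
#define TMP_BUF_MAX_BYTES ((uint64_t)1024 * 1024)

/* Hypothetical helper (not a kernel function): size in bytes of a
 * conversion buffer holding `frames` frames of `channels` samples,
 * each `sample_bits` wide. Stores the size and returns 0, or returns
 * -1 when the request is empty or would exceed the cap. */
int tmp_buf_bytes(uint32_t frames, uint32_t channels,
                  uint32_t sample_bits, size_t *out)
{
    uint64_t frame_bytes;

    if (frames == 0 || channels == 0 || sample_bits == 0)
        return -1;

    /* Two 32-bit factors cannot overflow a 64-bit product. */
    frame_bytes = ((uint64_t)channels * sample_bits + 7) / 8;

    /* Compare by division so frames * frame_bytes is only formed
     * once it is known to fit under the cap. */
    if (frame_bytes > TMP_BUF_MAX_BYTES / frames)
        return -1;

    *out = (size_t)(frame_bytes * frames);
    return 0;
}

/* The same product in 32-bit arithmetic, for contrast: the result
 * silently wraps modulo 2^32 when the inputs are large. */
uint32_t tmp_buf_bytes_unchecked(uint32_t frames, uint32_t channels,
                                 uint32_t sample_bits)
{
    return frames * channels * (sample_bits / 8);
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs, not taken from any report. */
    int rc = tmp_buf_bytes(1u << 20, 1024, 32, &n);
    printf("checked:   rc=%d\n", rc);
    printf("unchecked: %u bytes\n",
           (unsigned)tmp_buf_bytes_unchecked(1u << 20, 1024, 32));
    return 0;
}
```

With the constructed inputs in `main`, the real size is 2^32 bytes: the unchecked product wraps to 0, while the capped helper rejects the request before any allocation would be attempted.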

Impact

The vulnerability could lead to a buffer allocation overflow, causing the system to attempt to allocate a buffer larger than the maximum integer value, which can result in memory corruption or other unintended behaviors.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.