Linux Kernel ALSA Line6 MIDI Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been addressed in the Linux kernel's ALSA Line6 MIDI driver. The issue affects versions prior to the patch and is a stack overflow in the 'line6_midi_transmit' function, triggered when multiple MIDI System Exclusive (sysex) messages are sent to a PODxt device. The root cause was an incorrect calculation of the available buffer space, which failed to account for the size of the chunk buffer. The fix calculates the available space correctly, including the chunk buffer size.
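The root cause described above can be shown with a simplified user-space model of the length calculation. This is an added example, not the kernel driver's code: the names (CHUNK_SIZE, req_len_flawed, req_len_fixed, stage_pending), the sizes, and the two other bounds (ring free space and packet size) are assumptions of the model.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical size for this model; not taken from the kernel source. */
#define CHUNK_SIZE 32 /* fixed-size staging buffer on the stack */

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Flawed pattern: the request is bounded by the destination's free space
 * and the packet size, but not by the staging chunk it is copied through. */
size_t req_len_flawed(size_t ring_free, size_t max_packet)
{
    return min_sz(ring_free, max_packet);
}

/* Corrected pattern: the chunk buffer size is a third bound. */
size_t req_len_fixed(size_t ring_free, size_t max_packet)
{
    return min_sz(min_sz(ring_free, max_packet), CHUNK_SIZE);
}

/* Move pending bytes into the ring through the stack chunk, using the
 * corrected length. Returns the number of bytes moved. */
size_t stage_pending(const unsigned char *pending, size_t pending_len,
                     unsigned char *ring, size_t ring_free, size_t max_packet)
{
    unsigned char chunk[CHUNK_SIZE];
    size_t moved = 0;

    while (moved < pending_len && ring_free > 0) {
        size_t req = req_len_fixed(ring_free, max_packet);
        size_t n = min_sz(req, pending_len - moved);
        if (n == 0)
            break;                          /* zero packet size: no progress */
        memcpy(chunk, pending + moved, n);  /* n <= sizeof(chunk) always holds */
        memcpy(ring + moved, chunk, n);
        moved += n;
        ring_free -= n;
    }
    return moved;
}
```

With the flawed calculation, any packet size larger than the chunk yields a request length that exceeds the stack buffer whenever the ring has enough free space.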

Impact

Exploitation of this vulnerability could lead to a stack overflow, potentially allowing for arbitrary code execution or causing a denial-of-service condition by crashing the system.

Reproduction

The vulnerability can be reproduced by sending multiple MIDI sysex messages to a PODxt device using a Line6 USB interface. The 'line6_midi_transmit' function in the ALSA USB Line6 MIDI driver will incorrectly calculate the available buffer space, leading to a stack overflow.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: Dec 24, 2025, 6:10 PM
Updated: Dec 24, 2025, 6:10 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.