Linux Kernel ALSA UMP Buffer Overflow Vulnerability in SysEx Message Conversion

Vulnerability

A buffer overflow has been identified in the Linux kernel's Advanced Linux Sound Architecture (ALSA) handling of Universal MIDI Packet (UMP) messages. The routine that converts incoming MIDI 1.0 bytes into UMP packets keeps the pending bytes in an internal buffer sized for 4 bytes. That is ample for ordinary MIDI 1.0 messages, which are at most 3 bytes long, but a UMP System Exclusive (SysEx) packet carries up to 6 data bytes, so while converting a SysEx message the routine collects up to 6 bytes before it emits a packet. Once a SysEx message longer than 4 data bytes arrives, the fifth and sixth bytes are written past the end of the buffer, corrupting whatever follows it in kernel memory. The fix enlarges the buffer to 6 bytes so that it matches the data capacity of a UMP SysEx packet.
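The model below is an added illustration, not the kernel's own code: a simplified MIDI 1.0 to UMP SysEx converter written for this page, with the buffer capacity as a parameter so the advisory's two sizes (4 bytes before the fix, 6 after) can be run side by side on the same constructed SysEx stream. The packet layout follows the UMP SysEx7 message format (message type 3, a status nibble of complete/start/continue/end, a byte count, up to 6 data bytes); the function and field names are hypothetical. Where the real code stored a byte unconditionally, this model counts any store that would land past the configured capacity instead of performing it, so it stays memory-safe while reporting exactly which bytes would have overflowed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UMP_SYSEX7_MAX_DATA 6  /* data bytes per UMP SysEx7 packet (UMP spec) */
#define PRE_FIX_BUF_SIZE    4  /* buffer size before the fix, per the advisory */
#define MAX_PACKETS         32

enum { SYSEX_COMPLETE = 0x0, SYSEX_START = 0x1, SYSEX_CONTINUE = 0x2, SYSEX_END = 0x3 };

struct cvt_ctx {                          /* hypothetical converter state */
    unsigned char buf[UMP_SYSEX7_MAX_DATA]; /* pending SysEx data bytes */
    size_t cap;          /* modelled capacity: 4 (buggy) or 6 (fixed) */
    size_t len;          /* bytes pending for the current packet */
    int in_sysex;        /* between F0 and F7 */
    int emitted;         /* packets already emitted for this SysEx */
    size_t overflows;    /* stores that would land past a 'cap'-byte buffer */
    uint32_t pkt[MAX_PACKETS][2]; /* emitted packets, two 32-bit words used */
    size_t npkt;
};

static void cvt_init(struct cvt_ctx *c, size_t cap)
{
    memset(c, 0, sizeof(*c));
    c->cap = cap;
}

/* The real code wrote buf[len] unconditionally; here an out-of-bounds store
 * is counted instead of performed, but len still advances as it did. */
static void push_data(struct cvt_ctx *c, unsigned char b)
{
    if (c->len < c->cap)
        c->buf[c->len] = b;
    else
        c->overflows++;              /* this store corrupted adjacent memory */
    c->len++;
}

static void emit_sysex7(struct cvt_ctx *c, unsigned status)
{
    unsigned char d[UMP_SYSEX7_MAX_DATA] = {0};
    size_t i;
    if (c->npkt >= MAX_PACKETS)
        return;
    for (i = 0; i < c->len && i < c->cap; i++) /* only stored bytes are readable */
        d[i] = c->buf[i];
    c->pkt[c->npkt][0] = (0x3u << 28) | (status << 20) | ((uint32_t)c->len << 16)
                       | ((uint32_t)d[0] << 8) | d[1];
    c->pkt[c->npkt][1] = ((uint32_t)d[2] << 24) | ((uint32_t)d[3] << 16)
                       | ((uint32_t)d[4] << 8) | d[5];
    c->npkt++;
    c->emitted++;
    c->len = 0;
}

/* Feed one MIDI 1.0 byte; returns the running count of overflowing stores.
 * Channel-voice and realtime bytes are out of scope for this model. */
size_t cvt_feed(struct cvt_ctx *c, unsigned char b)
{
    if (b == 0xF0) {                                   /* SysEx start */
        c->in_sysex = 1; c->len = 0; c->emitted = 0;
    } else if (b == 0xF7) {                            /* EOX: flush pending */
        if (c->in_sysex)
            emit_sysex7(c, c->emitted ? SYSEX_END : SYSEX_COMPLETE);
        c->in_sysex = 0;
    } else if (b < 0x80 && c->in_sysex) {
        push_data(c, b);
        if (c->len == UMP_SYSEX7_MAX_DATA)             /* packet is full */
            emit_sysex7(c, c->emitted ? SYSEX_CONTINUE : SYSEX_START);
    }
    return c->overflows;
}

/* Constructed sample (not a captured device stream): an 8-byte SysEx body,
 * which UMP must split into a 6-byte start packet and a 2-byte end packet. */
static const unsigned char sample_sysex[] = {
    0xF0, 0x7E, 0x7F, 0x09, 0x01, 0x10, 0x20, 0x30, 0x40, 0xF7
};

/* Run the sample through a converter whose buffer holds 'cap' bytes. */
struct cvt_ctx run_sample(size_t cap)
{
    struct cvt_ctx c;
    size_t i;
    cvt_init(&c, cap);
    for (i = 0; i < sizeof sample_sysex; i++)
        cvt_feed(&c, sample_sysex[i]);
    return c;
}

int main(void)
{
    struct cvt_ctx old = run_sample(PRE_FIX_BUF_SIZE);
    struct cvt_ctx fixed = run_sample(UMP_SYSEX7_MAX_DATA);
    printf("4-byte buffer: %zu out-of-bounds stores over %zu packets\n",
           old.overflows, old.npkt);
    printf("6-byte buffer: %zu out-of-bounds stores over %zu packets\n",
           fixed.overflows, fixed.npkt);
    return 0;
}
```

With the 4-byte buffer the fifth and sixth data bytes of every full packet are the overflowing stores, so a long SysEx message produces two out-of-bounds writes per 6 bytes of payload; with the 6-byte buffer the same stream converts cleanly into a start packet and an end packet.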

Impact

A SysEx message longer than the 4-byte buffer, arriving through any path that feeds MIDI 1.0 bytes into the kernel's UMP conversion, overflows the buffer and corrupts adjacent kernel memory. The immediate consequence is a kernel crash or unpredictable behaviour; whether the corruption can be steered further depends on what happens to sit after the buffer and is not established by this advisory. The vulnerable code is part of ALSA's UMP support, so a system is only exposed where that support is in use (UMP-capable MIDI devices or drivers). Kernels carrying the fix, which enlarges the buffer to 6 bytes, are not affected.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm (8 categories):

spread          9.0
impact          2.5
exploitability  5.3
remediation     0.0
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.