Linux Kernel ALSA USB Audio Out-of-Bounds Read Vulnerability in Audio Format Handling

A vulnerability in the Linux kernel's Advanced Linux Sound Architecture (ALSA) USB audio subsystem has been addressed. The issue arose in the function 'snd_usb_get_audioformat_uac3()', where the length returned by 'snd_usb_ctl_msg()' was used for memory allocation without proper validation. This oversight allowed for an out-of-bounds read, as the allocated buffer, when cast to a 'uac3_cluster_header_descriptor', could be accessed without ensuring it was sufficiently large. If a USB device returned a shorter length than expected, it led to reading beyond the allocated memory. The vulnerability has been fixed by adding a length check to ensure the buffer is adequate for the 'uac3_cluster_header_descriptor'.

Impact

Exploitation of this vulnerability could lead to unauthorized memory access, causing an out-of-bounds read that could potentially be exploited to manipulate program execution or cause a denial-of-service condition.