Linux Kernel ALSA Dice Buffer Overflow Vulnerability in Stream Format Detection

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's ALSA subsystem, specifically within the FireWire 'dice' driver. The issue arises in the 'detect_stream_formats()' function, which reads the 'stream_count' value directly from a FireWire device without proper validation. This oversight can lead to out-of-bounds writes if a malicious device sends a 'stream_count' value exceeding the maximum allowed streams. The vulnerability affects several versions of the Linux kernel.

Impact

Exploiting this vulnerability causes out-of-bounds writes, which could potentially be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by connecting a malicious FireWire device that sends a 'stream_count' value greater than the maximum allowed. This will trigger the buffer overflow in the 'detect_stream_formats()' function of the ALSA 'dice' driver.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux stable tree.
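
The check whose absence is described above, as an added example that is not the kernel's code or the patch itself: a user-space C model in which a device-supplied 'stream_count' is clamped to the table size before it is used as a loop bound. The register layout, the name and value of 'MAX_STREAMS', the struct and the function name 'detect_stream_formats_checked' are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_STREAMS 2u            /* assumed table capacity for this model */

struct stream_formats {
    uint32_t pcm_channels[MAX_STREAMS];   /* fixed-size table */
    uint32_t canary;                      /* would be hit by any overrun */
};

/* Read a big-endian 32-bit word, the byte order used on the FireWire bus. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * reg layout (constructed): word 0 = stream_count, then one word per stream.
 * Returns the number of entries stored, or -1 if reg is too short.
 * *clamped is set when the device claimed more streams than the table holds.
 */
int detect_stream_formats_checked(const uint8_t *reg, size_t len,
                                  struct stream_formats *out, int *clamped)
{
    uint32_t count, i;

    if (len < 4)
        return -1;
    count = be32(reg);                /* untrusted: comes from the device */
    *clamped = count > MAX_STREAMS;
    if (*clamped)
        count = MAX_STREAMS;          /* never index past the array */
    if ((len - 4) / 4 < count)
        return -1;                    /* device data shorter than claimed */
    for (i = 0; i < count; i++)
        out->pcm_channels[i] = be32(reg + 4 + 4 * (size_t)i);
    return (int)count;
}

int main(void)
{
    /* Constructed register block: claims 5 streams, table holds 2. */
    const uint8_t reg[] = { 0,0,0,5, 0,0,0,8, 0,0,0,6, 0,0,0,4, 0,0,0,2, 0,0,0,1 };
    struct stream_formats f = { {0}, 0xC0FFEEu };
    int clamped, n = detect_stream_formats_checked(reg, sizeof(reg), &f, &clamped);
    printf("stored=%d clamped=%d canary_ok=%d\n", n, clamped, f.canary == 0xC0FFEEu);
    return 0;
}
```

The 'clamped' flag gives the caller a place to log a device that reports an out-of-range count instead of silently truncating it.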

Added: Dec 24, 2025, 12:25 PM
Updated: Dec 24, 2025, 12:25 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.