Linux Kernel ALSA USB Mixer Tascam US-16x08 Meter Packet Index Validation Vulnerability

Vulnerability

The Linux kernel's ALSA USB mixer driver for the Tascam US-16x08 device does not properly validate meter packet indices. The issue is in the 'get_meter_levels_from_urb()' function, which processes 64-byte meter packets from the device. The function derives the channel index from the meter packet without checking that it is in range. As a result, it can write past the end of the per-channel arrays 'meter_level[]', 'comp_level[]', and 'master_level[]' in the 'snd_us16x08_meter_store' structure. The vulnerability affects several versions of the Linux kernel.

Impact

An unvalidated channel index causes writes past the allocated end of the channel arrays (a buffer overflow), potentially leading to memory corruption.

Reproduction

The vulnerability can be reproduced by sending a meter packet with a negative or out-of-range channel number to the 'get_meter_levels_from_urb()' function. This can be done by manipulating the USB audio data sent to the Tascam US-16x08 device, specifically targeting the indices used to update the meter levels in the 'snd_us16x08_meter_store' structure.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.
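
The range check that this class of bug calls for, as an added user-space sketch (not the kernel driver's code or the upstream patch). The packet layout, array sizes, and all names except the three array names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes and packet layout, for illustration only (not from the driver). */
#define METER_PKT_LEN 64
#define NUM_CHANNELS  16 /* assumed length of meter_level[] and comp_level[] */
#define NUM_MASTERS   2  /* assumed length of master_level[] */
#define ARRAY_LEN(a)  (sizeof(a) / sizeof((a)[0]))

enum meter_kind { KIND_METER, KIND_COMP, KIND_MASTER };

struct meter_store { /* simplified stand-in for snd_us16x08_meter_store */
    uint16_t meter_level[NUM_CHANNELS];
    uint16_t comp_level[NUM_CHANNELS];
    uint16_t master_level[NUM_MASTERS];
};

/* Hypothetical layout: pkt[0] = kind, pkt[1] = 1-based channel, pkt[2..3] = LE level.
 * Returns the array index written, or -1 if the packet is rejected. */
int store_meter_level(struct meter_store *st, const uint8_t *pkt, size_t len)
{
    uint16_t *dst;
    size_t limit;
    int idx;

    if (!st || !pkt || len != METER_PKT_LEN)
        return -1;
    switch (pkt[0]) {
    case KIND_METER:  dst = st->meter_level;  limit = ARRAY_LEN(st->meter_level);  break;
    case KIND_COMP:   dst = st->comp_level;   limit = ARRAY_LEN(st->comp_level);   break;
    case KIND_MASTER: dst = st->master_level; limit = ARRAY_LEN(st->master_level); break;
    default: return -1;
    }
    idx = (int)pkt[1] - 1; /* a wire value of 0 becomes -1 here */
    if (idx < 0 || (size_t)idx >= limit)
        return -1; /* reject instead of writing outside the array */
    dst[idx] = (uint16_t)(pkt[2] | (pkt[3] << 8));
    return idx;
}

int main(void)
{
    struct meter_store st = {0};
    uint8_t pkt[METER_PKT_LEN] = { KIND_MASTER, 3, 0x34, 0x12 }; /* constructed */
    printf("master channel 3 -> %d\n", store_meter_level(&st, pkt, sizeof(pkt)));
    return 0;
}
```

The limit is taken from the destination array itself, so the shorter 'master_level[]' is not checked against the bound of the longer arrays.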

Added: Jan 13, 2026, 6:28 PM
Updated: Jan 13, 2026, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.