Linux Kernel ALSA Scarlett2 Buffer Overflow Vulnerability in Config Retrieval

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's ALSA Scarlett2 USB audio driver (part of the snd-usb-audio module, sound/usb/mixer_scarlett2.c). The issue is in the 'scarlett2_usb_get_config()' function, which reads configuration items from the device and then converts the retrieved values from little-endian to host byte order. A logic error in that endianness conversion causes the conversion loop to write past the end of the destination buffer when more than one element is requested (count greater than one). The vulnerability is present in several versions of the Linux kernel.

Impact

The overflow is an out-of-bounds write into kernel memory adjacent to the destination buffer, with the overwritten bytes derived from data returned by the USB device. The most likely outcome is kernel memory corruption leading to a crash (denial of service). Escalation to arbitrary code execution would require the attacker to control the overflowing data, which in practice means control over the attached device's responses; this has not been demonstrated for this issue.

Reproduction

The vulnerability can be reproduced with a Scarlett2 USB audio device attached to a host running a Linux kernel version that still contains the vulnerable 'scarlett2_usb_get_config()' function. When the driver initializes the device's mixer through the ALSA subsystem, it retrieves configuration items; for any item fetched with a count greater than one, the function mishandles the endianness conversion and writes beyond the caller's buffer. Because the bug lives in the driver's device-setup path rather than in a user-triggered control, plugging in the device (or an emulated one) is sufficient to reach it; a kernel built with KASAN (CONFIG_KASAN) will report the out-of-bounds access, whereas on a little-endian host without KASAN the overflow may be silent, since the conversion rewrites the same bytes it read.
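To make the failure mode above concrete, the following user-space C program is an added illustration, not the driver's own code: it models one plausible shape of the bug consistent with the description (a byte-swap loop over 16-bit elements that is gated on the total transfer size rather than on the element width, so a request for two 8-bit elements is walked as two 16-bit words) and the corresponding corrected check. The 'struct cfg_item', 'fake_usb_get()', 'get_config_vuln()', 'get_config_fixed()', the device responses and the canary layout are all constructed for the example and are assumptions about the real driver's structure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a config-item descriptor: width of one element in
 * bits (8 or 16 here). Hypothetical; not the driver's own table. */
struct cfg_item {
    int size_bits;
};

/* When set, the 16-bit conversion byte-swaps, as le16_to_cpu() does on a
 * big-endian host; that makes an out-of-bounds rewrite visible. When clear
 * it is a portable little-endian decode, which on a little-endian host
 * writes the same bytes back, so the overflow is silent there (still OOB). */
static int model_big_endian_host = 0;

static uint16_t le16_to_host(uint16_t v)
{
    const uint8_t *b = (const uint8_t *)&v;

    if (model_big_endian_host)
        return (uint16_t)((v >> 8) | (v << 8));
    return (uint16_t)(b[0] | (b[1] << 8));
}

/* Stand-in for the USB control transfer: copies `size` bytes of a
 * constructed device response into buf. */
static int fake_usb_get(const uint8_t *dev, size_t dev_len, void *buf, size_t size)
{
    if (size > dev_len)
        return -1;
    memcpy(buf, dev, size);
    return 0;
}

typedef int (*get_config_fn)(const struct cfg_item *, int,
                             const uint8_t *, size_t, void *);

/* Vulnerable shape: the swap loop is gated on the total transfer size.
 * Two 8-bit elements also give size == 2, so the 2-byte buf is walked as
 * `count` 16-bit words, i.e. 4 bytes: 2 bytes past the end. */
static int get_config_vuln(const struct cfg_item *item, int count,
                           const uint8_t *dev, size_t dev_len, void *buf)
{
    int size = item->size_bits / 8 * count;
    uint16_t *p = buf;
    int i;

    if (fake_usb_get(dev, dev_len, buf, size) < 0)
        return -1;
    if (size == 2)
        for (i = 0; i < count; i++, p++)
            *p = le16_to_host(*p);
    return 0;
}

/* Corrected shape: gate on the element width, so the loop only runs over
 * 16-bit elements and touches exactly `size` bytes. */
static int get_config_fixed(const struct cfg_item *item, int count,
                            const uint8_t *dev, size_t dev_len, void *buf)
{
    int size = item->size_bits / 8 * count;
    uint16_t *p = buf;
    int i;

    if (fake_usb_get(dev, dev_len, buf, size) < 0)
        return -1;
    if (item->size_bits == 16)
        for (i = 0; i < count; i++, p++)
            *p = le16_to_host(*p);
    return 0;
}

/* Harness: request two 8-bit elements into a 2-byte destination that is
 * followed by a 4-byte canary. Returns how many canary bytes changed. */
static int clobbered_canary_bytes(get_config_fn fn, int big_endian_host)
{
    const struct cfg_item item = { 8 };
    const uint8_t dev_resp[4] = { 0x11, 0x22, 0x33, 0x44 };  /* constructed */
    const uint8_t canary[4] = { 0x01, 0x02, 0x03, 0x04 };
    uint16_t words[3];              /* words[0] = dest, words[1..2] = canary */
    uint8_t *bytes = (uint8_t *)words;
    int i, changed = 0;

    memcpy(bytes + 2, canary, sizeof canary);
    model_big_endian_host = big_endian_host;
    if (fn(&item, 2, dev_resp, sizeof dev_resp, words) < 0)
        return -1;
    model_big_endian_host = 0;
    for (i = 0; i < 4; i++)
        changed += bytes[2 + i] != canary[i];
    return changed;
}

/* Value check for the corrected path: two 16-bit elements are decoded
 * element by element into host order. */
static int fixed_decodes_u16_pair(void)
{
    const struct cfg_item item = { 16 };
    const uint8_t dev_resp[4] = { 0x34, 0x12, 0x78, 0x56 };  /* constructed */
    uint16_t out[2];

    if (get_config_fixed(&item, 2, dev_resp, sizeof dev_resp, out) < 0)
        return 0;
    return out[0] == 0x1234 && out[1] == 0x5678;
}

int main(void)
{
    printf("vulnerable, big-endian model: %d canary bytes clobbered\n",
           clobbered_canary_bytes(get_config_vuln, 1));
    printf("fixed, big-endian model:      %d canary bytes clobbered\n",
           clobbered_canary_bytes(get_config_fixed, 1));
    printf("fixed decodes 16-bit pair:    %s\n",
           fixed_decodes_u16_pair() ? "ok" : "wrong");
    return 0;
}
```

Running the vulnerable model with the big-endian host model clobbers two canary bytes, which is the same write that KASAN would flag on a real kernel; with the little-endian model on a little-endian machine the result is 0 even though the access is still out of bounds, which is why a plain unpatched build may show no symptom.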

Remediation

Users should upgrade to a Linux kernel release in which this vulnerability has been patched. The commit that addresses the issue is '6f5c69f72e50d51be3a8c028ae7eda42c82902cb' in the Linux kernel stable tree. To check whether a given kernel source tree already contains the fix, run 'git merge-base --is-ancestor 6f5c69f72e50d51be3a8c028ae7eda42c82902cb HEAD' in that tree (exit status 0 means the fix is included). Until the kernel is updated, the exposure is limited to hosts to which a Scarlett2 device (or a device presenting as one) can be attached, since the snd-usb-audio driver only runs the affected code for such devices.

Added: Feb 4, 2026, 7:00 PM
Updated: Feb 4, 2026, 7:00 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 2.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.