Linux Kernel ALSA Caiaq Stack Out-of-Bounds Read Vulnerability

A stack out-of-bounds read vulnerability has been identified in the Linux kernel's ALSA Caiaq USB driver. This issue arises in the 'init_card' function, where a loop creates a copy of the card's short name without properly accounting for the null terminator. The vulnerability affects Linux kernel versions through 6.4.0-rc6.

Impact

Exploitation of this vulnerability leads to a stack out-of-bounds read, where the contents of the stack are improperly accessed, potentially causing information leakage or other unintended behavior.

Reproduction

The vulnerability can be reproduced by using a USB device with a product name that includes a large number of non-ASCII, non-space characters, such as multibyte UTF-8. When the device is connected, the 'init_card' function processes the product name, triggering the out-of-bounds read by overwriting the stack buffer's null terminator. This can be observed in the kernel's log, where the Kernel Address Sanitizer (KASAN) reports the stack-out-of-bounds error.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the latest version can be found on the official Linux kernel website.