Linux Kernel Update Fixes USB Audio Vulnerability

The USB-audio driver in the Linux kernel has an out-of-bounds access vulnerability that could allow an attacker with physical access to the system to use a malicious USB device to escalate privileges, modify system memory, or run arbitrary code. This critical vulnerability, which could lead to out-of-bounds memory reads, has been addressed by a recent patch to the Linux kernel, authored by Takashi Iwai of SUSE.

The fix, committed by Greg Kroah-Hartman of the Linux Foundation on December 14, 2024, enhances the driver’s stability and security for systems using USB audio devices. The clock selector descriptor, which includes a variable-length array and additional fields, receives even more thorough validation to account for its complexity across USB Audio Class (UAC) versions 2 and 3. Without these checks, a malformed or maliciously crafted descriptor with an insufficient length could trigger memory access beyond allocated bounds, potentially crashing the system or exposing it to exploitation.

“This update is a proactive step to safeguard Linux systems interfacing with USB audio hardware,” said Iwai in the patch notes.

The vulnerability arises when a USB audio device provides a descriptor with a bLength value shorter than the expected structure size. If the descriptor is truncated, whether through a hardware flaw or deliberate manipulation, the driver could read past the allocated memory buffer into adjacent, unintended areas. In a worst-case scenario, a skilled attacker could chain this with other exploits to escalate privileges or execute arbitrary code, though such an attack would require precise control over the USB device and additional vulnerabilities.
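The length validation described above can be illustrated in user-space C. This is an added example, not the kernel's code or the patch itself: the function names, the sample descriptors, and the trailing-field sizes (2 bytes for UAC2, 6 bytes for UAC3) are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum uac_version { UAC_V2 = 2, UAC_V3 = 3 };

/* Fixed header: bLength, bDescriptorType, bDescriptorSubtype, bClockID,
 * bNrInPins. baCSourceID[bNrInPins] and the trailing fields follow it. */
#define CLK_SEL_HDR_LEN 5u
#define CLK_SEL_PINS_OFF 4u

/* Assumed trailer sizes: UAC2 = 1 + 1 bytes, UAC3 = 4 + 2 bytes. */
static size_t trailer_len(enum uac_version v) { return v == UAC_V3 ? 6u : 2u; }

/* True only if every byte the parser will later touch lies inside both
 * bLength and the bytes actually received from the device (avail). */
bool clk_sel_valid(const uint8_t *d, size_t avail, enum uac_version v)
{
    if (d == NULL || avail < CLK_SEL_HDR_LEN)
        return false;
    size_t blen = d[0];
    if (blen < CLK_SEL_HDR_LEN || blen > avail)
        return false;
    return blen >= CLK_SEL_HDR_LEN + d[CLK_SEL_PINS_OFF] + trailer_len(v);
}

/* Returns the source ID for a 0-based pin, or -1 instead of reading out of bounds. */
int clk_sel_source_id(const uint8_t *d, size_t avail, enum uac_version v, unsigned pin)
{
    if (!clk_sel_valid(d, avail, v) || pin >= d[CLK_SEL_PINS_OFF])
        return -1;
    return d[CLK_SEL_HDR_LEN + pin];
}

/* Constructed sample descriptors (not captured from any device). */
const uint8_t good_uac2[] = { 9, 0x24, 0x0b, 0x10, 2, 0x11, 0x12, 0x03, 0x00 };
const uint8_t short_uac2[] = { 5, 0x24, 0x0b, 0x10, 2 }; /* claims 2 pins, carries none */

int main(void)
{
    printf("well-formed: %d\n", clk_sel_valid(good_uac2, sizeof good_uac2, UAC_V2));
    printf("truncated:   %d\n", clk_sel_valid(short_uac2, sizeof short_uac2, UAC_V2));
    printf("pin 1 id:    %d\n", clk_sel_source_id(good_uac2, sizeof good_uac2, UAC_V2, 1));
    return 0;
}
```

The same 9-byte descriptor is rejected when parsed as UAC3, because the larger trailing fields assumed for that version no longer fit inside bLength.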
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Apr 2025 21:45:11 +0000