{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27436", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.687Z", "datePublished": "2024-05-17T12:12:40.017Z", "dateUpdated": "2024-11-07T20:20:17.657Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:22:00.235Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/stream.c"], "versions": [{"version": "04324ccc75f9", "lessThan": "7e2c1b0f6dd9", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "6d5dc96b154b", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "5cd466673b34", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "9af1658ba293", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "629af0d5fe94", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "22cad1b841a6", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "c8a24fd281dc", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "6d88b289fb0a", "status": "affected", "versionType": "git"}, {"version": "04324ccc75f9", "lessThan": "a39d51ff1f52", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/stream.c"], "versions": [{"version": "3.8", "status": "affected"}, {"version": "0", "lessThan": "3.8", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.311", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.273", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.214", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.153", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"}, {"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"}, {"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"}, {"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"}, {"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"}, {"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"}, {"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"}, {"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"}, {"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"}], "title": "ALSA: usb-audio: Stop parsing channels bits when all channels are found.", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T15:45:09.433584Z", "id": "CVE-2024-27436", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T20:20:17.657Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.266Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.266Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-27436", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:45:09.433584Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.210Z"}}], "cna": {"title": "ALSA: usb-audio: Stop parsing channels bits when all channels are found.", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "04324ccc75f9", "lessThan": "7e2c1b0f6dd9", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "6d5dc96b154b", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "5cd466673b34", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "9af1658ba293", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "629af0d5fe94", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "22cad1b841a6", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "c8a24fd281dc", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "6d88b289fb0a", "versionType": "git"}, {"status": "affected", "version": "04324ccc75f9", "lessThan": "a39d51ff1f52", "versionType": "git"}], "programFiles": ["sound/usb/stream.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.8"}, {"status": "unaffected", "version": "0", "lessThan": "3.8", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.311", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.273", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.214", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.153", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/usb/stream.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"}, {"url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"}, {"url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"}, {"url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"}, {"url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"}, {"url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"}, {"url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"}, {"url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"}, {"url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:22:00.235Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27436", "state": "PUBLISHED", "dateUpdated": "2024-11-07T20:20:17.657Z", "dateReserved": "2024-02-25T13:47:42.687Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:12:40.017Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\n\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece m\u00e1s bits que la cantidad de canales, podr\u00eda escribir fuera de la matriz del mapa."}], "id": "CVE-2024-27436", "lastModified": "2024-11-07T21:35:07.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-17T13:15:58.147", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: ALSA: usb-audio: Stop parsing channels bits when all channels are found.", "id": "2281141", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281141"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Stop parsing channels bits when all channels are found.\nIf a usb audio device sets more bits than the amount of channels\nit could write outside of the map array."], "name": "CVE-2024-27436", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27436\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27436\nhttps://lore.kernel.org/linux-cve-announce/2024051711-CVE-2024-27436-2227@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.19.311, kernel 5.4.273, kernel 5.10.214, kernel 5.15.153, kernel 6.1.83, kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9"}