Impact
An out‑of‑bounds read flaw exists in the ALSA USB‑audio driver’s MIDI 2.0 endpoint descriptor parser. The parser checks the length of each terminal block before reading its identifier array but fails to ensure that the subsequent identifier reads stay within the descriptor boundaries. A malicious USB MIDI device can supply a descriptor that forces the driver to read past the valid data, causing a kernel memory disclosure. The weakness aligns with buffer over‑read problems (CWE‑1284).
Affected Systems
Every Linux kernel that contains the ALSA usb‑audio driver without the committed patch is affected. This includes all distributions that compile the kernel from sources before the fix is merged. The issue exists in all releases prior to the commit noted in the advisory, regardless of minor version.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1 % and the absence from the CISA KEV catalog imply a low likelihood of exploitation. Exploitation requires a malicious USB MIDI device to be connected, which is typically a local attack scenario. A successful read may leak kernel memory but does not grant arbitrary code execution; the impact is limited to information disclosure.
OpenCVE Enrichment