In the Linux kernel’s ALSA USB‑audio subsystem, the parser for MIDI 2.0 endpoints incorrectly validates the length of the descriptor’s group/termination block before reading the associated block identifiers. The check only confirms the size of the terminal block array, but it does not verify that the subsequent reads stay within the bounds of the parsed descriptor. An attacker supplying a malformed USB MIDI device can cause the parser to read bytes beyond the end of the valid descriptor, potentially exposing kernel memory content or corrupting internal state. The flaw is an example of a buffer over‑read (CWE-126).

All Linux kernels that include the ALSA usb‑audio driver and do not apply the patch referenced in the CVE's associated git commits. The vulnerability is present in all affected Linux kernel releases prior to the fix commit; vendors with kernel packages based on those releases are impacted. No specific product version ranges are listed in the CNA data.

The vulnerability is an out‑of‑bounds read that could allow an attacker to read kernel memory. The likely attack vector involves presenting a malformed USB MIDI 2.0 device to the system via a local USB interface; this inference is based on the fact that the flaw occurs during USB endpoint descriptor parsing. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw requires a malicious USB device, the exploitation probability is probably lower than for network‑exposed vulnerabilities, but it remains significant for systems that automatically enumerate or load USB MIDI devices.