CVE-2025-68783
Published: Jan 13, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store. Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a negative or out-of-range channel number, the driver may write past the end of these arrays. Introduce a local channel variable and validate it before updating the arrays. We reject negative indices, limit meter_level[] and comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[] updates with ARRAY_SIZE(master_level).
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d2bb390a2081a36ffe906724d2848d846f2aeb29 - < 53461710a95e15ac1f6542450943a492ecf8e550affected d2bb390a2081a36ffe906724d2848d846f2aeb29 - < 2168866396bd28ec4f3c8da0fbc7d08b5bd4f053affected d2bb390a2081a36ffe906724d2848d846f2aeb29 - < cde47f4ccad6751ac36b7471572ddf38ee91870caffected d2bb390a2081a36ffe906724d2848d846f2aeb29 - < 2f21a7cbaaa93926f5be15bc095b9c57c35748d9affected d2bb390a2081a36ffe906724d2848d846f2aeb29 - < a8ad320efb663be30b794e3dd3e829301c0d0ed3+2 more versions |
Linux | Linux | affected 4.11unaffected 0 - < 4.11unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now