VYPR
Unrated severity · NVD Advisory · Published Jan 13, 2026 · Updated Apr 15, 2026

CVE-2025-68783

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-mixer: us16x08: validate meter packet indices

get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store.

Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a negative or out-of-range channel number, the driver may write past the end of these arrays.

Introduce a local channel variable and validate it before updating the arrays. We reject negative indices, limit meter_level[] and comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[] updates with ARRAY_SIZE(master_level).
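The validation the patch describes, as an added example rather than the kernel driver's own code: a local channel index is derived from the packet, rejected if negative, and bounded by SND_US16X08_MAX_CHANNELS for meter_level[] and comp_level[] and by ARRAY_SIZE(master_level) for master_level[]. The record layout inside the 64-byte packet, the value of SND_US16X08_MAX_CHANNELS, the size of master_level[] and the record-type codes are all constructed assumptions; the page does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the driver's constants; sizes are assumptions, not the kernel's. */
#define SND_US16X08_MAX_CHANNELS 16
#define MASTER_LEVELS            2
#define METER_PKT_LEN            64
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Same field names as the page's struct snd_us16x08_meter_store; element type assumed. */
struct snd_us16x08_meter_store {
    int8_t meter_level[SND_US16X08_MAX_CHANNELS];
    int8_t comp_level[SND_US16X08_MAX_CHANNELS];
    int8_t master_level[MASTER_LEVELS];
};

/* Constructed record format: byte s = record type, s+1 = 1-based channel (signed), s+2 = level. */
enum { REC_METER = 0x01, REC_COMP = 0x02, REC_MASTER = 0x03 };

/* Parses one packet into the store. Returns how many records were dropped by the bounds checks. */
int parse_meter_packet(const uint8_t *pkt, size_t len, struct snd_us16x08_meter_store *store)
{
    int rejected = 0;
    for (size_t s = 0; s + 2 < len; s += 3) {
        uint8_t type = pkt[s];
        if (type != REC_METER && type != REC_COMP && type != REC_MASTER)
            continue; /* padding or unknown record: ignore */

        /* Local channel variable, derived like MUB2(meter_urb, s) - 1 in the driver. */
        int channel = (int8_t)pkt[s + 1] - 1;
        int8_t level = (int8_t)pkt[s + 2];

        if (channel < 0) { rejected++; continue; }   /* negative index: reject */

        switch (type) {
        case REC_METER:
            if (channel >= SND_US16X08_MAX_CHANNELS) { rejected++; break; }
            store->meter_level[channel] = level;
            break;
        case REC_COMP:
            if (channel >= SND_US16X08_MAX_CHANNELS) { rejected++; break; }
            store->comp_level[channel] = level;
            break;
        case REC_MASTER:
            if ((size_t)channel >= ARRAY_SIZE(store->master_level)) { rejected++; break; }
            store->master_level[channel] = level;
            break;
        }
    }
    return rejected;
}

/* Constructed sample packet: three valid records followed by four that must be rejected. */
static struct snd_us16x08_meter_store g_store;

int run_sample(void)
{
    uint8_t pkt[METER_PKT_LEN] = {
        REC_METER,  1,    10,   /* meter channel 1 -> meter_level[0] = 10 */
        REC_COMP,   16,   0xEC, /* comp channel 16 -> comp_level[15] = -20 */
        REC_MASTER, 1,    7,    /* master channel 1 -> master_level[0] = 7 */
        REC_METER,  0,    5,    /* channel 0 -> index -1: rejected */
        REC_METER,  17,   5,    /* index 16 >= SND_US16X08_MAX_CHANNELS: rejected */
        REC_MASTER, 3,    5,    /* index 2 >= ARRAY_SIZE(master_level): rejected */
        REC_COMP,   0x80, 5,    /* signed byte -128 -> index -129: rejected */
    };
    memset(&g_store, 0, sizeof(g_store));
    return parse_meter_packet(pkt, sizeof(pkt), &g_store);
}

int sample_meter(int i)  { return g_store.meter_level[i]; }
int sample_comp(int i)   { return g_store.comp_level[i]; }
int sample_master(int i) { return g_store.master_level[i]; }
```

Reading the channel byte through a signed cast is what makes the `channel < 0` test meaningful: a value of 0 or a byte with the high bit set both land below zero after the `- 1`, and without that check they would index before the start of the array.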

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing bounds check in the Linux kernel's ALSA usb-mixer driver for the US-16x08 device can lead to out-of-bounds array writes via crafted USB meter packets.

Vulnerability

Overview

The Linux kernel's ALSA usb-mixer driver for the TASCAM US-16x08 audio interface contains an out-of-bounds write vulnerability in the get_meter_levels_from_urb() function. This function parses 64-byte meter packets sent by the device and uses a channel index derived directly from the packet data (MUB2(meter_urb, s) - 1) to index into the meter_level[], comp_level[], and master_level[] arrays without validating the range. If the device sends a packet with a negative or out-of-range channel number, the driver writes past the end of these arrays, causing memory corruption.

Exploitation

The vulnerability is exploitable by an attacker who can control the USB device connected to the system or who can inject malicious USB packets (e.g., through a compromised or malicious USB device). No special privileges are required beyond the ability to send USB control transfers to the affected driver. The attack surface is local physical access or a compromised USB device; remote exploitation is not possible without prior USB access.

Impact

Successful exploitation allows an attacker to write controlled data beyond the bounds of the stack-allocated arrays, potentially leading to kernel memory corruption. This can result in a denial of service (system crash) or, in more sophisticated scenarios, arbitrary code execution in the kernel context. The vulnerability affects systems with the US-16x08 device connected and the snd-usb-usx2y driver loaded.

Mitigation

The fix was applied in Linux kernel commits [1], [2], and [3] (stable backports). Users should update to a kernel version containing these patches. No workaround is available other than disconnecting the affected device or blacklisting the driver. The vulnerability is not known to be exploited in the wild as of publication.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 7

News mentions: 0 (no linked articles in our index yet)