CVE-2024-53150

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: usb-audio: Fix out of bounds reads when finding clock sources<br /> <br /> The current USB-audio driver code doesn&amp;#39;t check bLength of each<br /> descriptor at traversing for clock descriptors. That is, when a<br /> device provides a bogus descriptor with a shorter bLength, the driver<br /> might hit out-of-bounds reads.<br /> <br /> For addressing it, this patch adds sanity checks to the validator<br /> functions for the clock descriptor traversal. When the descriptor<br /> length is shorter than expected, it&amp;#39;s skipped in the loop.<br /> <br /> For the clock source and clock multiplier descriptors, we can just<br /> check bLength against the sizeof() of each descriptor type.<br /> OTOH, the clock selector descriptor of UAC2 and UAC3 has an array<br /> of bNrInPins elements and two more fields at its tail, hence those<br /> have to be checked in addition to the sizeof() check.