parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. #### Notes Author| Note ---|--- [tyhicks](<https://launchpad.net/~tyhicks>) | The parse_audio_mixer_unit() function has changed its handling of the input pins and source ID over time but I believe that it is vulnerable all the way back to the start of git history.

Affected Package

OS OS Version Package Name Package Version
ubuntu 19.04 linux 5.0.0-31.33
ubuntu 12.04 linux any
ubuntu 14.04 linux any
ubuntu upstream linux 5.3~rc5
ubuntu 16.04 linux 4.4.0-166.195
ubuntu 19.04 linux-aws 5.0.0-1018.20
ubuntu 14.04 linux-aws 4.4.0-1056.60
ubuntu upstream linux-aws 5.3~rc5
ubuntu 16.04 linux-aws 4.4.0-1096.107
ubuntu upstream linux-aws-5.0 5.3~rc5
ubuntu upstream linux-aws-hwe 5.3~rc5
ubuntu 16.04 linux-aws-hwe 4.15.0-1052.54~16.04.1
ubuntu 19.04 linux-azure 5.0.0-1022.23
ubuntu 14.04 linux-azure 4.15.0-1061.66~14.04.1
ubuntu upstream linux-azure 5.3~rc5
ubuntu 16.04 linux-azure 4.15.0-1061.66
ubuntu upstream linux-azure-5.3 5.3~rc5
ubuntu upstream linux-azure-edge 5.3~rc5
ubuntu 16.04 linux-azure-edge 4.15.0-1061.66
ubuntu 19.04 linux-gcp 5.0.0-1020.20
ubuntu upstream linux-gcp 5.3~rc5
ubuntu 16.04 linux-gcp 4.15.0-1047.50
ubuntu upstream linux-gcp-5.3 5.3~rc5
ubuntu upstream linux-gcp-edge 5.3~rc5
ubuntu upstream linux-gke-4.15 5.3~rc5
ubuntu upstream linux-gke-5.0 5.3~rc5
ubuntu upstream linux-gke-5.3 5.3~rc5
ubuntu upstream linux-hwe 5.3~rc5
ubuntu 16.04 linux-hwe 4.15.0-66.75~16.04.1
ubuntu upstream linux-hwe-edge 5.3~rc5
ubuntu 16.04 linux-hwe-edge 4.15.0-66.75~16.04.1
ubuntu 19.04 linux-kvm 5.0.0-1019.20
ubuntu upstream linux-kvm 5.3~rc5
ubuntu 16.04 linux-kvm 4.4.0-1060.67
ubuntu 12.04 linux-lts-trusty any
ubuntu upstream linux-lts-trusty 5.3~rc5
ubuntu 14.04 linux-lts-xenial 4.4.0-166.195~14.04.1
ubuntu upstream linux-lts-xenial 5.3~rc5
ubuntu 19.10 linux-oem 4.15.0-1059.68
ubuntu upstream linux-oem 5.3~rc5
ubuntu 16.04 linux-oem any
ubuntu upstream linux-oem-5.6 5.3~rc5
ubuntu 19.10 linux-oem-osp1 5.0.0-1024.27
ubuntu upstream linux-oem-osp1 5.3~rc5
ubuntu 19.04 linux-oracle 5.0.0-1004.8
ubuntu upstream linux-oracle 5.3~rc5
ubuntu 16.04 linux-oracle 4.15.0-1027.30~16.04.1
ubuntu upstream linux-oracle-5.0 5.3~rc5
ubuntu upstream linux-oracle-5.3 5.3~rc5
ubuntu 19.04 linux-raspi2 5.0.0-1019.19
ubuntu upstream linux-raspi2 5.3~rc5
ubuntu 16.04 linux-raspi2 4.4.0-1124.133
ubuntu upstream linux-raspi2-5.3 5.3~rc5
ubuntu 19.04 linux-snapdragon 5.0.0-1023.24
ubuntu upstream linux-snapdragon 5.3~rc5
ubuntu 16.04 linux-snapdragon 4.4.0-1128.136