SB20251226297 - Buffer overflow in Linux kernel usb line6

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2022-50719)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the line6_midi_transmit() function in sound/usb/line6/midi.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0c76087449ee4ed45a88b10017d02c6694caedb1
• https://git.kernel.org/stable/c/0c9118e381ff538874e00fd4e66a768273c150fb
• https://git.kernel.org/stable/c/25e8c6ecb46843a955f254b8f0d77894e4a53dc4
• https://git.kernel.org/stable/c/389d34c2a8b52acc351fd932ed4bea41fee5a39b
• https://git.kernel.org/stable/c/49cb7737e733013ec86aa77ed2e19b94a68eaa05
• https://git.kernel.org/stable/c/61e4be4a60cc6de723f8c574ddbcb3025eb44cac
• https://git.kernel.org/stable/c/66f359ad66d49f75d39ac729f9114dabf90b81bb
• https://git.kernel.org/stable/c/b026af92b2cea907c780f7168c730c816cd33311
• https://git.kernel.org/stable/c/b8800d324abb50160560c636bfafe2c81001b66c
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.87
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2