7.1

CVE-2025-38249

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In snd_usb_get_audioformat_uac3(), the length value returned from
snd_usb_ctl_msg() is used directly for memory allocation without
validation. This length is controlled by the USB device.

The allocated buffer is cast to a uac3_cluster_header_descriptor
and its fields are accessed without verifying that the buffer
is large enough. If the device returns a smaller than expected
length, this leads to an out-of-bounds read.

Add a length check to ensure the buffer is large enough for
uac3_cluster_header_descriptor.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.17 < 5.4.296
LinuxLinux Kernel Version >= 5.5 < 5.10.240
LinuxLinux Kernel Version >= 5.11 < 5.15.187
LinuxLinux Kernel Version >= 5.16 < 6.1.143
LinuxLinux Kernel Version >= 6.2 < 6.6.96
LinuxLinux Kernel Version >= 6.7 < 6.12.36
LinuxLinux Kernel Version >= 6.13 < 6.15.5
LinuxLinux Kernel Version6.16 Updaterc1
LinuxLinux Kernel Version6.16 Updaterc2
LinuxLinux Kernel Version6.16 Updaterc3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.048
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401
Patch
https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
Patch
https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b
Patch
https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36
Patch
https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a
Patch
https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b
Patch
https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403
Patch
https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List