-

CVE-2025-38249

EPSS 0.04%
Veröffentlicht 09.07.2025 10:42:29
Zuletzt bearbeitet 17.07.2025 17:15:38
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In snd_usb_get_audioformat_uac3(), the length value returned from
snd_usb_ctl_msg() is used directly for memory allocation without
validation. This length is controlled by the USB device.

The allocated buffer is cast to a uac3_cluster_header_descriptor
and its fields are accessed without verifying that the buffer
is large enough. If the device returns a smaller than expected
length, this leads to an out-of-bounds read.

Add a length check to ensure the buffer is large enough for
uac3_cluster_header_descriptor.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 24ff7d465c4284529bbfa207757bffb6f44b6403

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < 2dc1c3edf67abd30c757f8054a5da61927cdda21

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < c3fb926abe90d86f5e3055e0035f04d9892a118b

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < 6eb211788e1370af52a245d4d7da35c374c7b401

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < 74fcb3852a2f579151ce80b9ed96cd916ba0d5d8

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < 0ee87c2814deb5e42921281116ac3abcb326880b

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < 11e740dc1a2c8590eb7074b5c4ab921bb6224c36

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

Version < fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a

Version 9a2fe9b801f585baccf8352d82839dcd54b300cf

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.17

Status affected

Version < 4.17

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.296

Status unaffected

Version <= 5.10.*

Version 5.10.240

Status unaffected

Version <= 5.15.*

Version 5.15.187

Status unaffected

Version <= 6.1.*

Version 6.1.143

Status unaffected

Version <= 6.6.*

Version 6.6.96

Status unaffected

Version <= 6.12.*

Version 6.12.36

Status unaffected

Version <= 6.15.*

Version 6.15.5

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401

https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8

https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b

https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36

https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a

https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b

https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403

https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21

https://nvd.nist.gov/vuln/detail/CVE-2025-38249

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38249

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38249

EUVD