
CVE-2025-68346

In the Linux kernel, the following vulnerability has been resolved:

ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly
from a FireWire device without validating it. This can lead to
out-of-bounds writes when a malicious device provides a stream_count value
greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in
detect_stream_formats().
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < d6280a5b00cad37d9a9a875849e5bf7ed2fe4950: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < 3cf854cec0eb371da47ff5fe56eab189d7fa623a: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < 4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < 932aa1e80b022419cf9710e970739b7a8794f27c: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < 1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9: affected
Version 58579c056c1c9510ae6695ed8e01ee05bbdcfb23, < 324f3e03e8a85931ce0880654e3c3eb38b0f0bba: affected
Vendor: Linux
Product: Linux
Default status: affected
Version 4.18: affected
Version 0, < 4.18: unaffected
Version 5.10.248, <= 5.10.*: unaffected
Version 5.15.198, <= 5.15.*: unaffected
Version 6.1.160, <= 6.1.*: unaffected
Version 6.6.120, <= 6.6.*: unaffected
Version 6.12.63, <= 6.12.*: unaffected
Version 6.17.13, <= 6.17.*: unaffected
Version 6.18.2, <= 6.18.*: unaffected
Version 6.19-rc1, <= *: unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.132
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
No information on CWE has been published yet.