- CVE-2025-68783
- EPSS 0.03%
- Published 13.01.2026 15:28:57
- Last modified 19.01.2026 13:16:13
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-mixer: us16x08: validate meter packet indices

get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], comp_level[] and master_level[] in struct snd_us16x08_meter_store.

Currently the function derives the channel index directly from the meter packet (MUB2(meter_urb, s) - 1) and uses it to index those arrays without validating the range. If the packet contains a negative or out-of-range channel number, the driver may write past the end of these arrays.

Introduce a local channel variable and validate it before updating the arrays. We reject negative indices, limit meter_level[] and comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[] updates with ARRAY_SIZE(master_level).
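The validation the description calls for, modelled in user-space C as an added example (this is not the kernel patch and not code from this page). The struct, the names `store_meter_value`, `meter_kind` and `replay_constructed_samples`, and the array sizes (16 channels, 2 master entries) are assumptions; the sample channel bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed sizes for this model; the page does not give the driver's values. */
#define MAX_CHANNELS 16
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct meter_store {
	int meter_level[MAX_CHANNELS];
	int comp_level[MAX_CHANNELS];
	int master_level[2];
	int canary;	/* stands in for memory that follows the arrays */
};

enum meter_kind { METER_INPUT, METER_COMP, METER_MASTER };

/* raw_channel: untrusted 1-based channel byte. Returns 0 if stored, -1 if rejected. */
int store_meter_value(struct meter_store *st, enum meter_kind kind,
		      uint8_t raw_channel, int val)
{
	int channel = (int)raw_channel - 1;	/* byte 0 becomes index -1 */
	size_t limit;
	int *dst;
	switch (kind) {
	case METER_INPUT:  dst = st->meter_level;  limit = MAX_CHANNELS; break;
	case METER_COMP:   dst = st->comp_level;   limit = MAX_CHANNELS; break;
	case METER_MASTER: dst = st->master_level; limit = ARRAY_SIZE(st->master_level); break;
	default: return -1;
	}
	if (channel < 0 || (size_t)channel >= limit)
		return -1;	/* reject instead of writing out of bounds */
	dst[channel] = val;
	return 0;
}

/* Replays constructed channel bytes; returns rejections, or -1 if the canary changed. */
int replay_constructed_samples(void)
{
	static const struct { enum meter_kind kind; uint8_t raw; } samples[] = {
		{ METER_INPUT, 1 }, { METER_INPUT, 16 }, { METER_INPUT, 0 }, { METER_COMP, 17 },
		{ METER_COMP, 255 }, { METER_MASTER, 2 }, { METER_MASTER, 3 },
	};
	struct meter_store st = { .canary = 0x5a5a };
	int rejected = 0;
	for (size_t i = 0; i < ARRAY_SIZE(samples); i++)
		if (store_meter_value(&st, samples[i].kind, samples[i].raw, 100) < 0)
			rejected++;
	return st.canary == 0x5a5a ? rejected : -1;
}
```

The master array gets its own, smaller limit: a channel byte that is valid for `meter_level[]` can still be out of range for `master_level[]`.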
Linked by AI from unstructured data to existing CPEs in the NVD.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux ≫ Product: Linux (default status: unaffected)

| Version | Version < | Status |
|---|---|---|
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | 53461710a95e15ac1f6542450943a492ecf8e550 | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | 2168866396bd28ec4f3c8da0fbc7d08b5bd4f053 | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | cde47f4ccad6751ac36b7471572ddf38ee91870c | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | 2f21a7cbaaa93926f5be15bc095b9c57c35748d9 | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | a8ad320efb663be30b794e3dd3e829301c0d0ed3 | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | eaa95228b8a56c4880a182c0350d67922b22408f | affected |
| d2bb390a2081a36ffe906724d2848d846f2aeb29 | 5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e | affected |

Vendor: Linux ≫ Product: Linux (default status: affected)

| Version | Bound | Status |
|---|---|---|
| 4.11 | | affected |
| 0 | < 4.11 | unaffected |
| 5.10.248 | <= 5.10.* | unaffected |
| 5.15.198 | <= 5.15.* | unaffected |
| 6.1.160 | <= 6.1.* | unaffected |
| 6.6.120 | <= 6.6.* | unaffected |
| 6.12.64 | <= 6.12.* | unaffected |
| 6.18.3 | <= 6.18.* | unaffected |
| 6.19-rc3 | <= * | unaffected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.088 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|