CVE-2025-38249
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device.
The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read.
Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 24ff7d465c4284529bbfa207757bffb6f44b6403 | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 2dc1c3edf67abd30c757f8054a5da61927cdda21 | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < c3fb926abe90d86f5e3055e0035f04d9892a118b | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 6eb211788e1370af52a245d4d7da35c374c7b401 | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 74fcb3852a2f579151ce80b9ed96cd916ba0d5d8 | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 0ee87c2814deb5e42921281116ac3abcb326880b | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < 11e740dc1a2c8590eb7074b5c4ab921bb6224c36 | affected |
| Linux | Linux | 9a2fe9b801f585baccf8352d82839dcd54b300cf < fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a | affected |
| Linux | Linux | 4.17 | affected |
| Linux | Linux | 0 < 4.17 | unaffected |
| Linux | Linux | 5.4.296 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.240 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.187 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.143 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.96 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.36 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.5 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
References
- https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403
- https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21
- https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b
- https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401
- https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
- https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b
- https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36
- https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.