CVE-2025-38249

HIGH EPSS 4.8%
Published Jul 9, 202511mo ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Jul 9, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device. The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read. Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥4.17  –  <5.4.296
linuxlinux_kernel*≥5.5  –  <5.10.240
linuxlinux_kernel*≥5.11  –  <5.15.187
linuxlinux_kernel*≥5.16  –  <6.1.143
linuxlinux_kernel*≥6.2  –  <6.6.96
linuxlinux_kernel*≥6.7  –  <6.12.36
linuxlinux_kernel*≥6.13  –  <6.15.5
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
linuxlinux_kernel6.16any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a
    Patch