CVE-2025-38249

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device. The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read. Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b
https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401
https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b
https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36
https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a

Frequently Asked Questions

What is the severity of CVE-2025-38249?
CVE-2025-38249 has not yet been assigned a CVSS score.
How to fix CVE-2025-38249?
To fix CVE-2025-38249, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38249 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38249 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38249?
CVE-2025-38249 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.