Home

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device. The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read. Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-09 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 24ff7d465c4284529bbfa207757bffb6f44b6403
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 2dc1c3edf67abd30c757f8054a5da61927cdda21
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before c3fb926abe90d86f5e3055e0035f04d9892a118b
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 6eb211788e1370af52a245d4d7da35c374c7b401
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 0ee87c2814deb5e42921281116ac3abcb326880b
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before 11e740dc1a2c8590eb7074b5c4ab921bb6224c36
affected

9a2fe9b801f585baccf8352d82839dcd54b300cf (git) before fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a
affected

Default status
affected

4.17
affected

Any version before 4.17
unaffected

5.4.296 (semver)
unaffected

5.10.240 (semver)
unaffected

5.15.187 (semver)
unaffected

6.1.143 (semver)
unaffected

6.6.96 (semver)
unaffected

6.12.36 (semver)
unaffected

6.15.5 (semver)
unaffected

6.16 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/10/msg00008.html

lists.debian.org/debian-lts-announce/2025/10/msg00007.html

git.kernel.org/...c/24ff7d465c4284529bbfa207757bffb6f44b6403

git.kernel.org/...c/2dc1c3edf67abd30c757f8054a5da61927cdda21

git.kernel.org/...c/c3fb926abe90d86f5e3055e0035f04d9892a118b

git.kernel.org/...c/6eb211788e1370af52a245d4d7da35c374c7b401

git.kernel.org/...c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8

git.kernel.org/...c/0ee87c2814deb5e42921281116ac3abcb326880b

git.kernel.org/...c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36

git.kernel.org/...c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a

cve.org (CVE-2025-38249)

nvd.nist.gov (CVE-2025-38249)

Download JSON