CVE-2025-39757
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2025
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ALSA: usb-audio: Validate UAC3 cluster segment descriptors<br />
<br />
UAC3 class segment descriptors need to be verified whether their sizes<br />
match with the declared lengths and whether they fit with the<br />
allocated buffer sizes, too. Otherwise malicious firmware may lead to<br />
the unexpected OOB accesses.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1034719fdefd26caeec0a44a868bb5a412c2c1a5
- https://git.kernel.org/stable/c/275e37532e8ebe25e8a4069b2d9f955bfd202a46
- https://git.kernel.org/stable/c/47ab3d820cb0a502bd0074f83bb3cf7ab5d79902
- https://git.kernel.org/stable/c/786571b10b1ae6d90e1242848ce78ee7e1d493c4
- https://git.kernel.org/stable/c/799c06ad4c9c790c265e8b6b94947213f1fb389c
- https://git.kernel.org/stable/c/7ef3fd250f84494fb2f7871f357808edaa1fc6ce
- https://git.kernel.org/stable/c/ae17b3b5e753efc239421d186cd1ff06e5ac296e
- https://git.kernel.org/stable/c/dfdcbcde5c20df878178245d4449feada7d5b201
- https://git.kernel.org/stable/c/ecfd41166b72b67d3bdeb88d224ff445f6163869
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html