CVE-2025-38249
Published: Jul 9, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device. The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read. Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 9a2fe9b801f585baccf8352d82839dcd54b300cf - < 24ff7d465c4284529bbfa207757bffb6f44b6403affected 9a2fe9b801f585baccf8352d82839dcd54b300cf - < 2dc1c3edf67abd30c757f8054a5da61927cdda21affected 9a2fe9b801f585baccf8352d82839dcd54b300cf - < c3fb926abe90d86f5e3055e0035f04d9892a118baffected 9a2fe9b801f585baccf8352d82839dcd54b300cf - < 6eb211788e1370af52a245d4d7da35c374c7b401affected 9a2fe9b801f585baccf8352d82839dcd54b300cf - < 74fcb3852a2f579151ce80b9ed96cd916ba0d5d8+3 more versions |
Linux | Linux | affected 4.17unaffected 0 - < 4.17unaffected 5.4.296 - <= 5.4.*unaffected 5.10.240 - <= 5.10.*unaffected 5.15.187 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now