CVE-2025-68346
Published: Dec 24, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().
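A user-space model of the bug class described above, added here as an illustration; it is not the kernel's code or the upstream patch. The register layout, the value given to MAX_STREAMS, the choice to clamp the count, and all function and struct names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_STREAMS 5 /* assumed value for this model; the page gives only the name */

struct stream_table {
    unsigned int count;
    uint32_t pcm_chs[MAX_STREAMS]; /* fixed-size array indexed by stream number */
};

/* Decode one big-endian quadlet as supplied by the device. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Number of entries an unvalidated loop would write past pcm_chs[]. */
size_t overrun_without_check(uint32_t stream_count)
{
    return stream_count > MAX_STREAMS ? stream_count - MAX_STREAMS : 0;
}

/* Hypothetical layout: quadlet 0 = device-reported stream count, then one
 * quadlet per stream. Returns streams stored, or -1 if the buffer is short. */
int detect_streams_checked(const uint8_t *regs, size_t len, struct stream_table *t)
{
    uint32_t count;

    if (len < 4)
        return -1;
    count = be32(regs);
    if (count > MAX_STREAMS) /* the validation the description says was missing */
        count = MAX_STREAMS;
    if (len < 4 + (size_t)count * 4)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        t->pcm_chs[i] = be32(regs + 4 + 4 * i);
    t->count = count;
    return (int)count;
}

int main(void)
{
    /* Constructed device response: claims 64 streams, carries 5 entries. */
    uint8_t regs[24] = {0,0,0,64, 0,0,0,8, 0,0,0,8, 0,0,0,2, 0,0,0,2, 0,0,0,1};
    struct stream_table t = {0};
    printf("stored=%d overrun_if_unchecked=%zu\n",
           detect_streams_checked(regs, sizeof regs, &t), overrun_without_check(be32(regs)));
    return 0;
}
```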
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 58579c056c1c9510ae6695ed8e01ee05bbdcfb23 - < d6280a5b00cad37d9a9a875849e5bf7ed2fe4950; affected 58579c056c1c9510ae6695ed8e01ee05bbdcfb23 - < 3cf854cec0eb371da47ff5fe56eab189d7fa623a; affected 58579c056c1c9510ae6695ed8e01ee05bbdcfb23 - < 4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4; affected 58579c056c1c9510ae6695ed8e01ee05bbdcfb23 - < dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0; affected 58579c056c1c9510ae6695ed8e01ee05bbdcfb23 - < c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6; +3 more versions |
| Linux | Linux | affected 4.18; unaffected 0 - < 4.18; unaffected 5.10.248 - <= 5.10.*; unaffected 5.15.198 - <= 5.15.*; unaffected 6.1.160 - <= 6.1.*; +5 more versions |