Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2025-38249

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device.

The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read.

Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.

  • Published: Jul 9, 2025
  • Updated: Dec 19, 2025
  • CVE: CVE-2025-38249
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.1
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.17 5.4.296
linux / linux_kernel 5.5 5.10.240
linux / linux_kernel 5.11 5.15.187
linux / linux_kernel 5.16 6.1.143
linux / linux_kernel 6.2 6.6.96
linux / linux_kernel 6.7 6.12.36
linux / linux_kernel 6.13 6.15.5
linux / linux_kernel 6.16-rc1 6.16-rc1.x
linux / linux_kernel 6.16-rc2 6.16-rc2.x
linux / linux_kernel 6.16-rc3 6.16-rc3.x
debian / debian_linux 11.0 11.0.x