CVE-2025-38249
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.16 |
| linux | linux_kernel | From 6.7 (inc) to 6.12.36 (inc) |
| debian | debian_linux | 11.0 |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the Linux kernel's ALSA usb-audio driver, specifically in the snd_usb_get_audioformat_uac3() function. The function uses a length value returned from snd_usb_ctl_msg() for memory allocation without validating it. Since this length is controlled by the USB device, a malicious or faulty device can cause the function to read beyond the allocated buffer by returning a smaller length than expected. This can lead to accessing memory outside the intended bounds.
How can this vulnerability impact me? :
The vulnerability can lead to out-of-bounds memory reads when interacting with certain USB audio devices. This may cause system instability, crashes, or potentially expose sensitive kernel memory contents, which could be leveraged by an attacker to escalate privileges or cause denial of service.