CVE-2025-68347
Buffer Overflow in Linux ALSA firewire-motu DSP Event Handling

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events

The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header size (8 bytes).

Fix by using min_t() to clamp the copy size. This ensures we never copy more than the user requested.

Meta Information

Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-06-16
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 1 associated CPE

Vendor: linux
Product: kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a buffer overflow in the Linux kernel's ALSA firewire-motu driver. Specifically, in the DSP event handling code within the hwdep_read() function, more bytes could be written to the user buffer than requested if the user provides a buffer smaller than the event header size (8 bytes). The issue was fixed by clamping the copy size to never exceed the user-requested size.

Impact Analysis

This vulnerability could lead to a buffer overflow when interacting with the affected ALSA firewire-motu driver. The overflow may cause memory corruption, or potentially allow an attacker to execute arbitrary code or cause a denial of service by crashing the system.

Mitigation Strategies

Apply the patch, or update to a Linux kernel version that includes the fix for the ALSA firewire-motu buffer overflow in hwdep_read(). The fix clamps the copy size to the user-requested size, which prevents the overflow.
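
The difference between the unclamped and clamped copy can be seen in a small user-space model. This is an added example, not the driver's code or the upstream patch: the function names, the 16-byte arena and the header bytes are constructed for illustration, and memcpy() stands in for copy_to_user().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENT_HEADER_SIZE 8 /* header size given in the description */
#define CANARY 0xAA
typedef size_t (*reader_fn)(uint8_t *buf, size_t count, const uint8_t *hdr);

/* Unclamped pattern: copies the whole header and ignores `count`. */
size_t read_event_unclamped(uint8_t *buf, size_t count, const uint8_t *hdr)
{
    (void)count;
    memcpy(buf, hdr, EVENT_HEADER_SIZE); /* stands in for copy_to_user() */
    return EVENT_HEADER_SIZE;
}

/* Clamped pattern: never copies more than requested (kernel code would
 * express this clamp with min_t(), as the description says). */
size_t read_event_clamped(uint8_t *buf, size_t count, const uint8_t *hdr)
{
    size_t n = count < EVENT_HEADER_SIZE ? count : EVENT_HEADER_SIZE;
    memcpy(buf, hdr, n);
    return n;
}

/* Run `reader` against a canary-filled arena whose first `count` bytes play
 * the caller's buffer; return how many bytes beyond them were modified.
 * `count` must be <= 16 so the model itself never leaves the arena. */
size_t bytes_past_request(reader_fn reader, size_t count)
{
    static const uint8_t hdr[EVENT_HEADER_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    uint8_t arena[16];
    size_t i, over = 0;
    memset(arena, CANARY, sizeof(arena));
    reader(arena, count, hdr);
    for (i = count; i < sizeof(arena); i++)
        over += (arena[i] != CANARY);
    return over;
}

int main(void)
{
    printf("unclamped, count=4: %zu bytes past request\n",
           bytes_past_request(read_event_unclamped, 4));
    printf("clamped,   count=4: %zu bytes past request\n",
           bytes_past_request(read_event_clamped, 4));
    return 0;
}
```
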
