CVE-2025-68753
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-11
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ALSA firewire-motu driver. Specifically, in the DSP event handling code, a loop using put_user() copies event data to a user buffer. If the user buffer size is not aligned to 4 bytes, the loop could write beyond the buffer boundary, potentially causing memory corruption. The issue was fixed by adding a bounds check before each put_user() operation to prevent overwriting beyond the buffer.
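A userspace model of the loop flaw and the bounds check described above, added here as an illustration; it is not the kernel driver's code. memcpy() stands in for put_user(), the loop condition of the unchecked version is an assumption, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only: memcpy() stands in for put_user(), and all names
 * here are hypothetical, not taken from the firewire-motu driver. */
typedef size_t (*copy_fn)(uint8_t *, size_t, const uint32_t *, size_t);

/* Assumed unpatched shape: only consumed < count is tested before a 4-byte store. */
size_t copy_events_unchecked(uint8_t *buf, size_t count, const uint32_t *ev, size_t n)
{
    size_t consumed = 0, i = 0;
    while (consumed < count && i < n) {
        memcpy(buf + consumed, &ev[i++], sizeof(uint32_t));
        consumed += sizeof(uint32_t);
    }
    return consumed;
}

/* Hardened shape: confirm a whole event still fits before each store. */
size_t copy_events_checked(uint8_t *buf, size_t count, const uint32_t *ev, size_t n)
{
    size_t consumed = 0, i = 0;
    while (i < n && count - consumed >= sizeof(uint32_t)) {
        memcpy(buf + consumed, &ev[i++], sizeof(uint32_t));
        consumed += sizeof(uint32_t);
    }
    return consumed;
}

/* Count guard bytes overwritten past a count-byte window (count <= 12). */
size_t overrun_bytes(copy_fn fn, size_t count)
{
    static const uint32_t events[] = { 0x11111111u, 0x22222222u, 0x33333333u }; /* constructed */
    uint8_t backing[32];
    size_t clobbered = 0;
    memset(backing, 0xAA, sizeof(backing));   /* guard pattern around the window */
    fn(backing, count, events, 3);
    for (size_t i = count; i < sizeof(backing); i++)
        clobbered += (backing[i] != 0xAA);
    return clobbered;
}

int main(void)
{
    printf("count=6 overrun: unchecked=%zu checked=%zu\n",
           overrun_bytes(copy_events_unchecked, 6), overrun_bytes(copy_events_checked, 6));
}
```

With a 4-byte-aligned count the two versions behave identically; only an unaligned count exposes the difference.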
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix for the ALSA firewire-motu bounds check vulnerability. This fix adds a bounds check in the put_user loop for DSP events to prevent buffer overflows. Until the update is applied, avoid processing untrusted or malformed DSP event data that could trigger the vulnerability.
How can this vulnerability impact me?
This vulnerability can lead to memory corruption by writing beyond the intended buffer boundary when handling DSP events. Such memory corruption could cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited.