Memory Access Vulnerability in Linux Kernel Affecting ALSA PCM Layer
CVE-2025-38078

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38078?

A vulnerability in the ALSA PCM layer of the Linux kernel could lead to a use after free (UAF) condition due to concurrent access to runtime memory. Specifically, the PCM OSS layer attempted to clear buffers with silence data during stream initialization or reconfiguration. This operation, which requires access to the runtime's DMA area, may result in accessing freed memory if handled incorrectly. The fix involves relocating buffer access operations within a protected PCM core function, ensuring that the memory remains valid for the duration of the operation.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8170d8ec4efd0be352c14cb61f374e30fb0c2a25

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 10217da9644ae75cea7330f902c35fc5ba78bbbf

References

https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a1...

https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61...

https://git.kernel.org/stable/c/10217da9644ae75cea7330f90...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025