Out-of-Bounds Read Vulnerability in Linux Kernel Affecting Audio USB Devices
CVE-2025-38249

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 9 July 2025

What is CVE-2025-38249?

A vulnerability in the Linux kernel's USB audio subsystem allows an attacker to trigger an out-of-bounds read. The issue is in the function snd_usb_get_audioformat_uac3(), where the length value returned from snd_usb_ctl_msg() is used without validation. Because there is no length check, the allocated buffer may be too small for the expected uac3_cluster_header_descriptor. The flaw could lead to unauthorized access to memory regions, which makes timely updates and patches important.
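The length check described above, as an added user-space example (not the kernel's code or its patch). The struct layout, the function name `cluster_channels`, the `-EINVAL` return and the sample replies are assumptions made for illustration; the example also goes one step beyond the text by rejecting a claimed `wLength` that does not fit the bytes received.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a cluster header descriptor (assumed layout). */
struct cluster_hdr {
    uint16_t wLength;       /* little-endian length claimed by the device */
    uint8_t  bType, bSubtype;
    uint16_t wDescriptorID;
    uint8_t  bNrChannels;
} __attribute__((packed));

/* Constructed sample replies: a complete header and a truncated one. */
static const uint8_t full_reply[]  = { 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02 };
static const uint8_t short_reply[] = { 0x07, 0x00 };

/* reply_len models the device-chosen length a control transfer returned.
 * Returns the channel count, or a negative errno. */
int cluster_channels(const uint8_t *reply, int reply_len)
{
    unsigned int wlen;
    uint8_t *buf;
    int ret;

    if (reply_len < 0)
        return reply_len;                    /* transfer failed */
    /* The length check: without it the buffer allocated below can be
     * smaller than the header that is then read from it. */
    if ((size_t)reply_len < sizeof(struct cluster_hdr))
        return -EINVAL;
    buf = malloc((size_t)reply_len);         /* sized by the device's length */
    if (!buf)
        return -ENOMEM;
    memcpy(buf, reply, (size_t)reply_len);
    wlen = buf[0] | ((unsigned int)buf[1] << 8);
    if (wlen < sizeof(struct cluster_hdr) || wlen > (unsigned int)reply_len)
        ret = -EINVAL;                       /* claimed length does not fit */
    else
        ret = buf[offsetof(struct cluster_hdr, bNrChannels)];
    free(buf);
    return ret;
}

int main(void)
{
    return cluster_channels(full_reply, sizeof(full_reply)) == 2 ? 0 : 1;
}
```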

Affected Version(s)

Linux 9a2fe9b801f585baccf8352d82839dcd54b300cf < 24ff7d465c4284529bbfa207757bffb6f44b6403

Linux 9a2fe9b801f585baccf8352d82839dcd54b300cf < 2dc1c3edf67abd30c757f8054a5da61927cdda21

Linux 9a2fe9b801f585baccf8352d82839dcd54b300cf

Timeline

  • Vulnerability published

  • Vulnerability Reserved
