Buffer Overflow Vulnerability in Linux Kernel ALSA Component
CVE-2025-39751

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 11 September 2025

What is CVE-2025-39751?

A buffer overflow vulnerability has been identified in the Advanced Linux Sound Architecture (ALSA) component of the Linux kernel. The issue is in the 'add_tuning_control' function, where the use of 'sprintf' can overflow when the length of the input strings exceeds 44 bytes. The fix replaces 'sprintf' with 'snprintf', which limits the length of the strings written and so prevents the overflow. Users should update to the patched version to safeguard against potential exploitation.
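The 'sprintf' to 'snprintf' change described above, as an added userspace example (not the kernel's code): the struct, the function name build_name, the format string and the inputs are hypothetical, and the 44-byte destination is an assumption taken from the limit quoted in the description.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a 44-byte destination, matching the limit quoted in the advisory. */
#define NAME_LEN 44

/* Hypothetical stand-in for a control-element record; not the kernel's struct. */
struct ctl_name {
    char name[NAME_LEN];
    char guard[8];              /* neighbouring data that must stay intact */
};

/*
 * Unbounded form of the kind the advisory describes (for contrast, never called):
 *     sprintf(out->name, "%s %s %s", prefix, dir, label);
 * It writes as many bytes as the inputs need, regardless of NAME_LEN.
 */

/* Bounded form. Returns 0 if the name fit, 1 if truncated, -1 on error. */
int build_name(struct ctl_name *out, const char *prefix,
               const char *dir, const char *label)
{
    int need = snprintf(out->name, sizeof(out->name), "%s %s %s",
                        prefix, dir, label);
    if (need < 0)
        return -1;
    /* snprintf returns the length it wanted to write, excluding the NUL. */
    return (size_t)need >= sizeof(out->name) ? 1 : 0;
}

int main(void)
{
    struct ctl_name c;
    memcpy(c.guard, "CANARY!", 8);

    /* Constructed inputs: one that fits, one longer than 44 bytes in total. */
    int r1 = build_name(&c, "Example Tuning", "Playback", "Volume");
    printf("%d \"%s\"\n", r1, c.name);

    int r2 = build_name(&c, "A Deliberately Long Tuning Control Name",
                        "Playback", "Volume");
    printf("%d \"%s\" guard=%s\n", r2, c.name, c.guard);
    return 0;
}
```

Checking the return value matters: 'snprintf' prevents the out-of-bounds write, but a silently truncated name can still collide with another name or confuse later lookups.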

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 04fa6f5e94034654da3505d9e908dd9090f0e83c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2


Timeline

  • Vulnerability published

  • Vulnerability Reserved
