Buffer Overflow Vulnerability in Linux Kernel Affects ALSA USB Audio
CVE-2025-39757
Currently unrated
What is CVE-2025-39757?
A vulnerability in the Linux kernel's ALSA USB audio driver leaves buffer sizes in UAC3 class segment descriptors unchecked. Because the sizes are not validated, malicious firmware can trigger out-of-bounds (OOB) accesses. This poses a potential risk to system stability and security; descriptor lengths need to be verified before allocation to prevent exploitation.
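The kind of length verification described above, as an added example that is not the kernel's code or the upstream fix. The descriptor layout (a 2-byte little-endian total length followed by segments that each start with a length byte and a type byte), the name `count_segments` and the sample byte arrays are simplifying assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN 2u  /* assumed header: 16-bit little-endian total length */
#define SEG_MIN 2u  /* assumed segment prefix: length byte + type byte */

/* Walk device-supplied segments; return their count, or -1 as soon as any
 * length field disagrees with the number of bytes actually received. */
int count_segments(const uint8_t *buf, size_t got)
{
    if (buf == NULL || got < HDR_LEN)
        return -1;                      /* header itself is truncated */
    size_t total = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (total < HDR_LEN || total > got)
        return -1;                      /* claimed size smaller than header or larger than buffer */
    size_t off = HDR_LEN;
    int n = 0;
    while (off < total) {
        size_t left = total - off;
        if (left < SEG_MIN)
            return -1;                  /* no room for a segment prefix */
        size_t seg_len = buf[off];
        if (seg_len < SEG_MIN || seg_len > left)
            return -1;                  /* zero/short length would stall; long one would read OOB */
        off += seg_len;
        n++;
    }
    return n;
}

/* Constructed sample descriptors (not captured from any device). */
static const uint8_t good[]      = {0x09, 0x00, 0x03, 0x01, 0xAA, 0x04, 0x02, 0xBB, 0xCC};
static const uint8_t tiny_total[] = {0x01, 0x00};
static const uint8_t big_total[]  = {0x40, 0x00, 0x03, 0x01, 0xAA};
static const uint8_t seg_overrun[] = {0x06, 0x00, 0x08, 0x01, 0xAA, 0xBB};
static const uint8_t seg_zero[]    = {0x04, 0x00, 0x00, 0x01};

int main(void)
{
    int ok = count_segments(good, sizeof good) == 2
          && count_segments(tiny_total, sizeof tiny_total) == -1
          && count_segments(big_total, sizeof big_total) == -1
          && count_segments(seg_overrun, sizeof seg_overrun) == -1
          && count_segments(seg_zero, sizeof seg_zero) == -1;
    return ok ? 0 : 1;
}
```

Every length the device reports is compared against the bytes actually held before it is used as an offset or a size, which is the check the description says was missing.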
Affected Version(s)
Linux 11785ef53228d23ec386f5fe4a34601536f0c891 < 799c06ad4c9c790c265e8b6b94947213f1fb389c
Linux 11785ef53228d23ec386f5fe4a34601536f0c891 < 786571b10b1ae6d90e1242848ce78ee7e1d493c4
Linux 11785ef53228d23ec386f5fe4a34601536f0c891 < 275e37532e8ebe25e8a4069b2d9f955bfd202a46