Buffer Overflow Vulnerability in Linux Kernel's USB-Audio Driver
CVE-2025-40269
What is CVE-2025-40269?
A vulnerability in the Linux kernel's USB-audio driver could lead to a buffer overflow due to inadequate checks on USB packet sizes. The size of the PCM stream data packets is dynamically determined but must conform to USB descriptor limits. If the calculated packet size exceeds the maximum permissible value, the system may enter an unstable state, presenting potential security risks. The introduced patch adds a sanity check to validate packet sizes against defined limits, ensuring that operations are halted before any harmful actions are executed. This proactive measure guards against issues stemming from aberrant USB descriptors.
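A simplified userspace model of the check described above, added here as an illustration and not the kernel's code or the actual patch: the packet size is derived from the stream rate, then compared against the descriptor limit at parameter setup. All struct, field and function names are hypothetical, and the -EINVAL return value is this example's choice.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified userspace model. All names here are hypothetical. */
struct stream_params {
    unsigned rate;             /* sample rate, Hz */
    unsigned channels;
    unsigned bytes_per_sample;
    unsigned packets_per_sec;  /* e.g. 1000 per second at full speed */
    unsigned max_packet_bytes; /* limit from the endpoint descriptor */
};

/* Largest packet the stream needs, derived from the rate alone. */
static unsigned long long calc_packet_bytes(const struct stream_params *p)
{
    unsigned long long pps = p->packets_per_sec;
    /* Round up: 44100 Hz does not divide evenly into 1000 packets. */
    unsigned long long frames = (p->rate + pps - 1) / pps;
    return frames * p->channels * p->bytes_per_sample;
}

/* Before: the descriptor limit is never consulted. */
static int setup_unchecked(const struct stream_params *p, unsigned long long *size)
{
    *size = calc_packet_bytes(p);
    return 0;
}

/* After: refuse the parameters before any buffer is sized or filled. */
static int setup_checked(const struct stream_params *p, unsigned long long *size)
{
    if (!p->packets_per_sec || !p->channels || !p->bytes_per_sample)
        return -EINVAL;
    if (calc_packet_bytes(p) > p->max_packet_bytes)
        return -EINVAL; /* descriptor and computed size disagree */
    *size = calc_packet_bytes(p);
    return 0;
}

int main(void)
{
    /* Constructed sample: 48 kHz stereo 16-bit; descriptor allows 64 bytes. */
    struct stream_params odd = { 48000, 2, 2, 1000, 64 };
    unsigned long long size = 0;
    setup_unchecked(&odd, &size);
    printf("unchecked size=%llu limit=%u\n", size, odd.max_packet_bytes);
    printf("checked rc=%d\n", setup_checked(&odd, &size));
    return 0;
}
```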

Affected Version(s)
Linux 02c56650f3c118d3752122996d96173d26bb13aa < 480a1490c595a242f27493a4544b3efb21b29f6a
Linux 5ef30e443e6d3654cccecec99cf481a69a0a6d3b
Linux 99703c921864a318e3e8aae74fde071b1ff35bea < 282aba56713bbc58155716b55ca7222b2d9cf3c8