Buffer Overflow Vulnerability in Linux Kernel's USB-Audio Driver
CVE-2025-40269

Currently unrated

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 6 December 2025

What is CVE-2025-40269?

The Linux kernel's USB-audio driver computed the size of PCM stream data packets dynamically from the selected audio format but did not verify that the result stayed within the limit advertised by the endpoint's USB descriptors. A device presenting aberrant descriptors could therefore make the driver use a packet size larger than the maximum permissible value, overflowing the buffers sized from that limit (the buffer overflow in the title) and leaving the kernel in an unstable state. The fix adds a sanity check that compares the computed packet size against the descriptor-derived maximum and bails out before any buffer is allocated or filled when the limit is exceeded. Because the trigger is a device supplying crafted descriptors, exposure is local: an attacker needs to plug in, or emulate, a USB audio device.
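The check described above, as an added C model written for this page (it is not code from the kernel's USB-audio driver, whose identifiers and layout differ). It decodes wMaxPacketSize from constructed endpoint descriptors the way USB 2.0 section 9.6.6 specifies, computes the per-packet byte count the driver derives from the format, and contrasts the unchecked "before" behaviour with the bounded "after" behaviour. All function names (`ep_max_payload_from_desc`, `packet_size_bytes`, `overflow_bytes_unchecked`, `check_packet_size`), the `MODEL_EINVAL` constant and the descriptor byte strings are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for EINVAL; the model returns -MODEL_EINVAL where the
 * driver would return -EINVAL. */
#define MODEL_EINVAL 22

/* Constructed endpoint descriptors (not captured from real hardware).
 * Layout: bLength, bDescriptorType (0x05 = ENDPOINT), bEndpointAddress,
 * bmAttributes, wMaxPacketSize (little-endian), bInterval
 * [, bRefresh, bSynchAddress for the 9-byte audio-class form]. */
static const uint8_t FS_DESC_OK[9]      = { 0x09, 0x05, 0x01, 0x09, 0xC0, 0x00, 0x01, 0x00, 0x00 }; /* 192 bytes  */
static const uint8_t FS_DESC_TINY[9]    = { 0x09, 0x05, 0x01, 0x09, 0x40, 0x00, 0x01, 0x00, 0x00 }; /*  64 bytes  */
static const uint8_t HS_DESC_MULT[7]    = { 0x07, 0x05, 0x01, 0x05, 0xC0, 0x08, 0x01 };             /* 192 x 2    */
static const uint8_t NOT_AN_ENDPOINT[7] = { 0x07, 0x04, 0x01, 0x05, 0xC0, 0x00, 0x01 };             /* wrong type */

/* Payload limit from wMaxPacketSize (USB 2.0 9.6.6): bits 10:0 are the bytes
 * per transaction, bits 12:11 the number of additional high-speed transactions
 * per microframe (0b11 is reserved). Returns 0 for a malformed descriptor so a
 * caller that treats 0 as "no valid limit" rejects it. */
static uint32_t ep_max_payload_from_desc(const uint8_t *desc, size_t len)
{
    if (len < 7 || desc[0] < 7 || desc[0] > len || desc[1] != 0x05)
        return 0;
    uint16_t w = (uint16_t)(desc[4] | (desc[5] << 8));
    uint32_t per_tx = w & 0x7ffu;
    uint32_t extra  = (w >> 11) & 0x3u;
    if (extra == 3)
        return 0;
    return per_tx * (extra + 1);
}

/* Bytes one isochronous packet must carry for the chosen format:
 * ceil(rate / packets_per_sec) audio frames of channels * sample_bytes each.
 * This is the dynamically computed value the fix compares against the limit. */
static uint32_t packet_size_bytes(uint32_t rate, uint32_t channels,
                                  uint32_t sample_bytes, uint32_t packets_per_sec)
{
    if (packets_per_sec == 0)
        return 0;
    uint32_t frames = (rate + packets_per_sec - 1) / packets_per_sec;
    return frames * channels * sample_bytes;
}

/* "Before": the computed size is used as-is. With transfer buffers sized from
 * the descriptor, the return value is how far a later copy would run past
 * the end of the buffer (0 means no overflow). */
static uint32_t overflow_bytes_unchecked(const uint8_t *desc, size_t len, uint32_t rate,
                                         uint32_t channels, uint32_t sample_bytes,
                                         uint32_t packets_per_sec)
{
    uint32_t limit = ep_max_payload_from_desc(desc, len);
    uint32_t need  = packet_size_bytes(rate, channels, sample_bytes, packets_per_sec);
    return need > limit ? need - limit : 0;
}

/* "After": validate before any buffer is touched; bail out on an invalid
 * descriptor or a packet size above the advertised maximum. */
static int check_packet_size(const uint8_t *desc, size_t len, uint32_t rate,
                             uint32_t channels, uint32_t sample_bytes,
                             uint32_t packets_per_sec)
{
    uint32_t limit = ep_max_payload_from_desc(desc, len);
    if (limit == 0 || packets_per_sec == 0)
        return -MODEL_EINVAL;
    if (packet_size_bytes(rate, channels, sample_bytes, packets_per_sec) > limit)
        return -MODEL_EINVAL;
    return 0;
}

int main(void)
{
    /* 48 kHz stereo 16-bit on a full-speed endpoint: 48 frames x 4 bytes = 192 */
    printf("benign:  check=%d overflow=%u\n",
           check_packet_size(FS_DESC_OK, sizeof FS_DESC_OK, 48000, 2, 2, 1000),
           overflow_bytes_unchecked(FS_DESC_OK, sizeof FS_DESC_OK, 48000, 2, 2, 1000));
    /* 96 kHz 8-channel 32-bit against a descriptor claiming 64 bytes: 3072 > 64 */
    printf("crafted: check=%d overflow=%u\n",
           check_packet_size(FS_DESC_TINY, sizeof FS_DESC_TINY, 96000, 8, 4, 1000),
           overflow_bytes_unchecked(FS_DESC_TINY, sizeof FS_DESC_TINY, 96000, 8, 4, 1000));
    /* Same format at high speed (8000 packets/s) fits only because the
     * multiplier bits raise the limit from 192 to 384 bytes. */
    printf("hs mult: check=%d\n",
           check_packet_size(HS_DESC_MULT, sizeof HS_DESC_MULT, 96000, 8, 4, 8000));
    return 0;
}
```

The two things to take from the model: the limit must come from the descriptor exactly as the USB specification encodes it (the high-speed multiplier bits are part of the limit, so a check that ignores them would wrongly reject legitimate devices), and the comparison has to happen before the size is used to index or fill any buffer, which is where the fix places it.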

Affected Version(s)

Ranges are given as git commit hashes in the form "first affected commit < fixing commit". 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 is the initial commit of the mainline git history, so every kernel since then is in scope on a given branch until the listed fix is applied.

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6a5da3fa80affc948923f20a4e086177f505e86e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 217d47255a2ec8b246f2725f5db9ac3f1d4109d7

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (no fixing commit listed for this range)


Timeline

  • Vulnerability reserved

  • Vulnerability published: 6 December 2025
