Buffer Overflow Vulnerability in Linux Kernel ALSA FireWire Driver
CVE-2025-68753
What is CVE-2025-68753?
A buffer overflow vulnerability exists in the ALSA firewire-motu driver within the Linux kernel. This flaw specifically affects the DSP event handling code, where the put_user() loop is responsible for copying event data to a user buffer. If the user buffer is not aligned to 4 bytes, there is a risk of writing beyond the designated buffer boundary, leading to potential data corruption or exploitation. This issue has been mitigated by implementing a bounds check prior to executing the put_user() operation, ensuring that buffer overflows are properly prevented.
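The loop pattern described above, as an added user-space C example that is not the firewire-motu driver's code: it puts a 4-byte copy loop with no room check beside the same loop with a bounds check before each store. Assumptions: memcpy() stands in for put_user(), the "not aligned to 4 bytes" case is modelled as a buffer length that is not a multiple of 4, and all function names, loop conditions and event values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model: memcpy() stands in for put_user() and the loop
 * conditions are assumed, not taken from the driver source. */
static size_t copy_unchecked(uint8_t *buf, size_t count,
                             const uint32_t *ev, size_t n)
{
    size_t consumed = 0, i = 0;
    /* Asks only "any room left?": a 1-3 byte tail gets a 4-byte store. */
    while (consumed < count && i < n) {
        memcpy(buf + consumed, &ev[i++], sizeof(uint32_t));
        consumed += sizeof(uint32_t);
    }
    return consumed;
}

static size_t copy_checked(uint8_t *buf, size_t count,
                           const uint32_t *ev, size_t n)
{
    size_t consumed = 0, i = 0;
    /* Bounds check before the store: stop unless a whole event fits. */
    while (i < n && count - consumed >= sizeof(uint32_t)) {
        memcpy(buf + consumed, &ev[i++], sizeof(uint32_t));
        consumed += sizeof(uint32_t);
    }
    return consumed;
}

/* Constructed harness: the caller claims `count` (<= 16) bytes of a
 * 16-byte canary-filled store; returns bytes modified past `count`. */
static size_t bytes_past_end(size_t count, int checked)
{
    static const uint32_t ev[3] = { 0x11111111, 0x22222222, 0x33333333 };
    uint8_t store[16];
    size_t i, over = 0;
    memset(store, 0xAA, sizeof(store));
    (checked ? copy_checked : copy_unchecked)(store, count, ev, 3);
    for (i = count; i < sizeof(store); i++)
        over += (store[i] != 0xAA);
    return over;
}

int main(void)
{
    printf("count=10: unchecked %zu, checked %zu bytes past end\n",
           bytes_past_end(10, 0), bytes_past_end(10, 1));
    return 0;
}
```

With a length that is a multiple of 4 both loops behave identically, which is why the defect only shows up for odd-sized reads.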
Affected Version(s)
Linux 634ec0b2906efd46f6f57977e172aa3470aca432 < 0d71b3c2ed742f1ccb3b0b7a61afb90c0251093f
Linux 634ec0b2906efd46f6f57977e172aa3470aca432
Linux 634ec0b2906efd46f6f57977e172aa3470aca432 < 8f9e51cf2a2a43d0cd72d3dc0b5ccea3f639c187