Описание
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-39757
- https://git.kernel.org/stable/c/1034719fdefd26caeec0a44a868bb5a412c2c1a5
- https://git.kernel.org/stable/c/275e37532e8ebe25e8a4069b2d9f955bfd202a46
- https://git.kernel.org/stable/c/47ab3d820cb0a502bd0074f83bb3cf7ab5d79902
- https://git.kernel.org/stable/c/786571b10b1ae6d90e1242848ce78ee7e1d493c4
- https://git.kernel.org/stable/c/799c06ad4c9c790c265e8b6b94947213f1fb389c
- https://git.kernel.org/stable/c/7ef3fd250f84494fb2f7871f357808edaa1fc6ce
- https://git.kernel.org/stable/c/ae17b3b5e753efc239421d186cd1ff06e5ac296e
- https://git.kernel.org/stable/c/dfdcbcde5c20df878178245d4449feada7d5b201
- https://git.kernel.org/stable/c/ecfd41166b72b67d3bdeb88d224ff445f6163869
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
In the Linux kernel, the following vulnerability has been resolved: A ...