Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-39757

Опубликовано: 11 сент. 2025
Источник: nvd
CVSS3: 7.1
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.19 (включая) до 5.4.297 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.5 (включая) до 5.10.241 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.190 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.16 (включая) до 6.1.149 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.6.103 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.7 (включая) до 6.12.43 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.13 (включая) до 6.15.11 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.16 (включая) до 6.16.2 (исключая)
cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%
0.00022
Низкий

7.1 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2025-39757

CVSS3: 7.1
ubuntu
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

redhat логотип

CVE-2025-39757

CVSS3: 7.1
redhat
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

msrc логотип

CVE-2025-39757

CVSS3: 7.8
msrc
5 месяцев назад

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

debian логотип

CVE-2025-39757

CVSS3: 7.1
debian
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: A ...

github логотип

GHSA-jrpg-g4vf-p4hw

CVSS3: 7.1
github
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

EPSS

Процентиль: 5%
0.00022
Низкий

7.1 High

CVSS3

Дефекты

CWE-125