Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-39757

Опубликовано: 11 сент. 2025
Источник: redhat
CVSS3: 7.1

Описание

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelAffected
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2394615kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-39757

CVSS3: 7.1
ubuntu
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

nvd логотип

CVE-2025-39757

CVSS3: 7.1
nvd
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

msrc логотип

CVE-2025-39757

CVSS3: 7.8
msrc
5 месяцев назад

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

debian логотип

CVE-2025-39757

CVSS3: 7.1
debian
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: A ...

github логотип

GHSA-jrpg-g4vf-p4hw

CVSS3: 7.1
github
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

7.1 High

CVSS3