AZL-73848

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73848.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-73848
Upstream
Published
2025-09-04T16:15:43Z
Modified
2026-04-01T05:22:21.414251Z
Summary
CVE-2025-38729 affecting package kernel for versions less than 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73848.json"