CVE-2025-38249

Source
https://cve.org/CVERecord?id=CVE-2025-38249
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38249.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38249
Published
2025-07-09T10:42:29.704Z
Modified
2026-03-12T02:19:21.210937Z
Summary
ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device.

The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller-than-expected length, this leads to an out-of-bounds read.

Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.
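The bug class above, modelled in user space as an added example (this is not the kernel's code): a simplified, hypothetical stand-in for uac3_cluster_header_descriptor, the unchecked cast for contrast, and a hardened parser that rejects a reply shorter than the header before any field is read. The sample replies are constructed, and the host is assumed little-endian (kernel code would use le16_to_cpu for wLength).

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the kernel's uac3_cluster_header_descriptor;
 * the real struct is larger and the trailing field name here is invented. */
struct cluster_header {
    uint16_t wLength;            /* descriptor's self-declared length (little-endian) */
    uint8_t  bDescriptorType;
    uint8_t  bDescriptorSubtype;
    uint8_t  bNrChannels;
    uint16_t wClusterID;         /* hypothetical trailing field */
} __attribute__((packed));

/* Vulnerable pattern, for contrast only (never call it): the reply length is
 * device-controlled, so casting a shorter buffer and dereferencing fields reads
 * past the end of the allocation. */
uint8_t unchecked_channels(const uint8_t *reply, size_t len)
{
    (void)len;   /* never compared against sizeof(struct cluster_header) */
    return ((const struct cluster_header *)reply)->bNrChannels;
}

/* Hardened form: refuse the reply unless it holds one full header and its
 * self-declared wLength is consistent with the bytes actually received.
 * Returns 0 on success or -EIO on a malformed reply. */
int parse_cluster_header(const uint8_t *reply, size_t len, struct cluster_header *out)
{
    if (len < sizeof(*out))                 /* the check the fix adds */
        return -EIO;
    memcpy(out, reply, sizeof(*out));
    if (out->wLength < sizeof(*out) || out->wLength > len)
        return -EIO;                        /* descriptor lies about its own size */
    return 0;
}

/* Constructed sample control-transfer replies, not captured from hardware. */
static const uint8_t good_reply[]  = { 0x07, 0x00, 0x24, 0x01, 0x02, 0x34, 0x12 };
static const uint8_t short_reply[] = { 0x03, 0x00, 0x24 };              /* 3 bytes only */
static const uint8_t lying_reply[] = { 0x03, 0x00, 0x24, 0x01, 0x02, 0x34, 0x12 };

/* Returns the channel count on success, or the negative errno from the parser. */
int channels_or_error(const uint8_t *reply, size_t len)
{
    struct cluster_header h;
    int rc = parse_cluster_header(reply, len, &h);
    return rc ? rc : h.bNrChannels;
}
```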

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38249.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Events
Introduced: 9a2fe9b801f585baccf8352d82839dcd54b300cf
Fixed: 24ff7d465c4284529bbfa207757bffb6f44b6403
Fixed: 2dc1c3edf67abd30c757f8054a5da61927cdda21
Fixed: c3fb926abe90d86f5e3055e0035f04d9892a118b
Fixed: 6eb211788e1370af52a245d4d7da35c374c7b401
Fixed: 74fcb3852a2f579151ce80b9ed96cd916ba0d5d8
Fixed: 0ee87c2814deb5e42921281116ac3abcb326880b
Fixed: 11e740dc1a2c8590eb7074b5c4ab921bb6224c36
Fixed: fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38249.json"