CVE-2025-38729

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-38729

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38729.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38729

Downstream

BELL-CVE-2025-38729

DEBIAN-CVE-2025-38729

DLA-4327-1

DLA-4328-1

DSA-6009-1

ECHO-93ce-4d74-dbfb

OESA-2025-2553

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

OESA-2025-2800

OESA-2025-2801

RHSA-2025:21760

RHSA-2025:22006

RHSA-2025:22066

RHSA-2025:22072

RHSA-2025:22087

RHSA-2025:22095

RHSA-2025:22124

RHSA-2025:23445

RHSA-2025:23463

RHSA-2025:23947

RHSA-2025:23960

ROOT-OS-DEBIAN-11-CVE-2025-38729

ROOT-OS-DEBIAN-12-CVE-2025-38729

ROOT-OS-UBUNTU-2204-CVE-2025-38729

ROOT-OS-UBUNTU-2404-CVE-2025-38729

SUSE-SU-2025:03600-1

SUSE-SU-2025:03614-1

SUSE-SU-2025:03634-1

SUSE-SU-2025:20851-1

SUSE-SU-2025:20861-1

SUSE-SU-2025:20870-1

SUSE-SU-2025:20898-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3751-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4141-1

openSUSE-SU-2025:20081-1

Related

Published

2025-09-04T15:33:26.896Z

Modified

2026-03-20T12:42:59.856792Z

Summary

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38729.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

9a2fe9b801f585baccf8352d82839dcd54b300cf

Fixed

1666207ba0a5973735ef010812536adde6174e81

Fixed

ebc9e06b6ea978a20abf9b87d41afc51b2d745ac

Fixed

f03418bb9d542f44df78eec2eff4ac83c0a8ac0d

Fixed

40714daf4d0448e1692c78563faf0ed0f9d9b5c7

Fixed

07c8d78dbb5e0ff8b23f7fd69cd1d4e2ba22b3dc

Fixed

cd08d390d15b204cac1d3174f5f149a20c52e61a

Fixed

29b415ec09f5b9d1dfa2423b826725a8c8796b9a

Fixed

452ad54f432675982cc0d6eb6c40a6c86ac61dbd

Fixed

d832ccbc301fbd9e5a1d691bdcf461cdb514595f

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38729.json"