CVE-2025-39757
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39757
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39757.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39757
- Downstream
- Related
- Published
- 2025-09-11T16:52:26.900Z
- Modified
- 2025-11-28T02:34:05.385979Z
- Summary
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39757.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1034719fdefd26caeec0a44a868bb5a412c2c1a5
- https://git.kernel.org/stable/c/275e37532e8ebe25e8a4069b2d9f955bfd202a46
- https://git.kernel.org/stable/c/47ab3d820cb0a502bd0074f83bb3cf7ab5d79902
- https://git.kernel.org/stable/c/786571b10b1ae6d90e1242848ce78ee7e1d493c4
- https://git.kernel.org/stable/c/799c06ad4c9c790c265e8b6b94947213f1fb389c
- https://git.kernel.org/stable/c/7ef3fd250f84494fb2f7871f357808edaa1fc6ce
- https://git.kernel.org/stable/c/ae17b3b5e753efc239421d186cd1ff06e5ac296e
- https://git.kernel.org/stable/c/dfdcbcde5c20df878178245d4449feada7d5b201
- https://git.kernel.org/stable/c/ecfd41166b72b67d3bdeb88d224ff445f6163869
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39757.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39757
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced11785ef53228d23ec386f5fe4a34601536f0c891Fixed799c06ad4c9c790c265e8b6b94947213f1fb389cFixed786571b10b1ae6d90e1242848ce78ee7e1d493c4Fixed275e37532e8ebe25e8a4069b2d9f955bfd202a46Fixed47ab3d820cb0a502bd0074f83bb3cf7ab5d79902Fixed1034719fdefd26caeec0a44a868bb5a412c2c1a5Fixedae17b3b5e753efc239421d186cd1ff06e5ac296eFixeddfdcbcde5c20df878178245d4449feada7d5b201Fixed7ef3fd250f84494fb2f7871f357808edaa1fc6ceFixedecfd41166b72b67d3bdeb88d224ff445f6163869
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.19.0Fixed5.4.297
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.241
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.190
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.149
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.103
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.43
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.15.11
- Type
- ECOSYSTEM
- Events
-
Introduced6.16.0Fixed6.16.2