CVE-2025-39757
published 2025-09-11CVE-2025-39757: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors…
high7.1CVSS 3.1
AVLACLPRLUINSUCHINAH
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
UAC3 class segment descriptors need to be verified whether their sizes
match with the declared lengths and whether they fit with the
allocated buffer sizes, too. Otherwise malicious firmware may lead to
the unexpected OOB accesses.
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.153-1 (bookworm) | linux 6.1.153-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 799c06ad4c9c790c265e8b6b94947213f1fb389c | 799c06ad4c9c790c265e8b6b94947213f1fb389c |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 786571b10b1ae6d90e1242848ce78ee7e1d493c4 | 786571b10b1ae6d90e1242848ce78ee7e1d493c4 |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 275e37532e8ebe25e8a4069b2d9f955bfd202a46 | 275e37532e8ebe25e8a4069b2d9f955bfd202a46 |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 47ab3d820cb0a502bd0074f83bb3cf7ab5d79902 | 47ab3d820cb0a502bd0074f83bb3cf7ab5d79902 |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 1034719fdefd26caeec0a44a868bb5a412c2c1a5 | 1034719fdefd26caeec0a44a868bb5a412c2c1a5 |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < ae17b3b5e753efc239421d186cd1ff06e5ac296e | ae17b3b5e753efc239421d186cd1ff06e5ac296e |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < dfdcbcde5c20df878178245d4449feada7d5b201 | dfdcbcde5c20df878178245d4449feada7d5b201 |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < 7ef3fd250f84494fb2f7871f357808edaa1fc6ce | 7ef3fd250f84494fb2f7871f357808edaa1fc6ce |
| linux | linux | >= 11785ef53228d23ec386f5fe4a34601536f0c891 < ecfd41166b72b67d3bdeb88d224ff445f6163869 | ecfd41166b72b67d3bdeb88d224ff445f6163869 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.153-1 | 6.1.153-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.19 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.149 | 6.1.149 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.11 | 6.15.11 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
osv7.1HIGH