CVE-2025-40269Incorrect Calculation of Buffer Size in Linux

CWE-131Incorrect Calculation of Buffer Size49 documents7 sources
Severity
7.8HIGHOSV
OSV3.2
No vector
EPSS
0.2%
top 57.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 6
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet sizes are limited by some factors such as wMaxPacketSize USB descriptor. OTOH, in the current code, the actually used packet sizes are determined only by the rate and the PPS, which may be bigger than the size limit above. T

Affected Packages7 packages

Linuxlinux/linux_kernel4.5.04.9.230+11
Debianlinux/linux_kernel< 5.10.247-1+3
Ubuntulinux/linux_kernel< 5.15.0-173.183+2
CVEListV5linux/linux02c56650f3c118d3752122996d96173d26bb13aa480a1490c595a242f27493a4544b3efb21b29f6a+13

🔴Vulnerability Details

23
OSV
linux-raspi vulnerabilities2026-04-01
OSV
linux-raspi, linux-raspi-realtime vulnerabilities2026-04-01
OSV
linux-azure-6.8 vulnerabilities2026-03-25
OSV
linux-azure vulnerabilities2026-03-25
OSV
linux-intel-iot-realtime vulnerabilities2026-03-23

📋Vendor Advisories

25
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2026-04-01