Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-39757

Published: September 12, 2025Last modified: September 12, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsFixed (6.1.151-r0)
25 LTSlinux-ltsFixed (6.12.44-r0)
Streamlinux-ltsFixed (6.12.43-r0)

References

ON THIS PAGE