PT-2025-25852 · Linux+6 · Linux Kernel+6

Published

2025-05-16

·

Updated

2026-04-20

·

CVE-2025-38078

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A race condition in the ALSA PCM OSS layer can lead to a use-after-free (UAF) issue. This occurs when the layer attempts to clear the buffer with silence data during stream initialization or reconfiguration, using the snd pcm format set silence() function with runtime->dma area. The accessed runtime->dma area might be freed concurrently, as this operation is performed outside the PCM ops. To avoid this, the code has been moved into the PCM core and is now performed inside the buffer access lock.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Race Condition

Weakness Enumeration

CWE-665CWE-362

Related Identifiers

BDU:2025-12254
CVE-2025-38078
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-7A07-2FE2-4EF0
OESA-2025-1727
OESA-2025-1728
OESA-2025-1729
OESA-2025-1730
OESA-2025-1870
SUSE-SU-2025:02249-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02334-1
SUSE-SU-2025:02335-1
SUSE-SU-2025:02538-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20475-1
SUSE-SU-2025:20483-1
SUSE-SU-2025:20493-1
SUSE-SU-2025:20498-1
SUSE-SU-2025_02249-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
SUSE-SU-2025_02334-1
SUSE-SU-2025_02335-1
SUSE-SU-2025_02538-1
USN-7704-1
USN-7704-2
USN-7704-3
USN-7704-4
USN-7704-5
USN-7711-1
USN-7712-1
USN-7712-2
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu