PT-2025-37215 · Linux+9 · Linux Kernel+9

Published: 2025-08-14 · Updated: 2026-04-20 · CVE-2025-39757

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw in the ALSA subsystem related to USB audio handling. Specifically, UAC3 cluster segment descriptors require validation to ensure their sizes align with declared lengths and allocated buffer sizes. Insufficient validation can lead to out-of-bounds (OOB) access triggered by malicious firmware.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

RCE

Weakness Enumeration

Related Identifiers

ALSA-2025:17760
ALSA-2025:17776
ALSA-2025:18297
ALSA-2025:18298
AZL-67229
AZL-73956
BDU:2025-15543
CESA-2025_18297
CESA-2025_18298
CVE-2025-39757
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-23B6-2125-81D0
INFSA-2025_17760
INFSA-2025_18297
INFSA-2025_18298
OPENSUSE-SU-2025:20081-1
RHSA-2025:17760
RHSA-2025:18297
RHSA-2025:18298
RHSA-2025:21118
RHSA-2025_17760
RHSA-2025_18297
RHSA-2025_18298
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu