PT-2025-49370 · Linux+4 · Linux Kernel+4

Published: 2025-11-10 · Updated: 2026-05-07 · CVE-2025-40269

CVSS v2.0: 6.4 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's USB-audio driver related to potential overflow of the PCM transfer buffer. The issue arises because the packet sizes used for transferring PCM stream data over USB URB packets can exceed the limits defined by the USB descriptor's wMaxPacketSize. This can lead to a buffer overflow when the calculated packet size is larger than the maximum allowed packet size. The issue was identified by syzbot. The fix introduces a sanity check during parameter setup, returning an error if the packet size exceeds the maximum allowed size.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
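
A simplified user-space model of the sanity check described above, added here as an illustration and not the kernel's own code. The function names, the ceiling-based packet size calculation and the sample descriptor values are assumptions; only the decoding of wMaxPacketSize follows the USB 2.0 descriptor layout.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Decode wMaxPacketSize per USB 2.0: bits 10..0 hold the payload size,
 * bits 12..11 the additional transactions per microframe (high-speed
 * isochronous endpoints). Returns the byte budget per service interval. */
static unsigned int ep_max_bytes(uint16_t w_max_packet_size)
{
    unsigned int size = w_max_packet_size & 0x07ff;
    unsigned int mult = ((w_max_packet_size >> 11) & 0x3) + 1;
    return size * mult;
}

/* Hypothetical model of the parameter-setup check: the largest packet
 * carries ceil(rate / packets_per_sec) frames of channels * sample_bytes
 * each. Reject the configuration if that exceeds the endpoint budget. */
static int check_pcm_packet_size(unsigned int rate, unsigned int channels,
                                 unsigned int sample_bytes,
                                 unsigned int packets_per_sec,
                                 uint16_t w_max_packet_size)
{
    if (!rate || !channels || !sample_bytes || !packets_per_sec)
        return -EINVAL;
    uint64_t frames = ((uint64_t)rate + packets_per_sec - 1) / packets_per_sec;
    uint64_t bytes = frames * channels * sample_bytes;
    if (bytes > ep_max_bytes(w_max_packet_size))
        return -EINVAL;   /* refuse the stream instead of overrunning */
    return 0;
}

int main(void)
{
    /* Constructed descriptor values, not taken from any real device. */
    printf("48 kHz stereo s16, 1000 pkt/s, max 200: %d\n",
           check_pcm_packet_size(48000, 2, 2, 1000, 200));
    printf("44.1 kHz stereo s16, 1000 pkt/s, max 176: %d\n",
           check_pcm_packet_size(44100, 2, 2, 1000, 176));
    printf("192 kHz 8ch s32, 1000 pkt/s, max 1024: %d\n",
           check_pcm_packet_size(192000, 8, 4, 1000, 1024));
    printf("192 kHz 8ch s32, 8000 pkt/s, 0x1400 (1024 x3): %d\n",
           check_pcm_packet_size(192000, 8, 4, 8000, 0x1400));
    return 0;
}
```

The 44.1 kHz case shows why the comparison has to use the rounded-up frame count: a descriptor sized for 44 frames per packet is one frame short of the largest packet the stream produces.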

Related Identifiers

ALSA-2026:2212
ALSA-2026:2264
ALSA-2026:2378
ALSA-2026:2721
BDU:2026-02248
CVE-2025-40269
DLA-4404-1
ECHO-E4D0-E02A-C86F
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20145-1
RHSA-2026:2212
RHSA-2026:2264
RHSA-2026:2378
RHSA-2026:2721
RHSA-2026:2759
RHSA-2026:2761
RHSA-2026:2766
RHSA-2026:3267
RHSA-2026:3293
RHSA-2026:3358
RHSA-2026:3375
RHSA-2026:4242
RHSA-2026:4243
RHSA-2026:5821
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu