PT-2025-52882 · Firewire+6
Published 2025-11-29 · Updated 2026-05-11
CVE-2025-68346
CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The detect_stream_formats() function in the ALSA driver for Digital Interface Communication Engine (dice) devices does not validate the stream count value received from a FireWire device. A malicious device providing a stream count value exceeding MAX_STREAMS can trigger out-of-bounds writes. The issue is addressed by adding validation to both transmit (TX) and receive (RX) stream counts within the detect_stream_formats() function.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
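The validation named in the description, sketched as a standalone C example added here (it is not the kernel's code): the two structs, the function detect_stream_formats_checked() and the MAX_STREAMS value of 5 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MAX_STREAMS 5 /* assumed table capacity for this sketch */

/* Hypothetical driver-side tables, sized for MAX_STREAMS entries. */
struct dice_formats {
    uint32_t tx_pcm_chs[MAX_STREAMS];
    uint32_t rx_pcm_chs[MAX_STREAMS];
};

/* Hypothetical view of what the FireWire device reported (untrusted). */
struct device_report {
    uint32_t tx_count, rx_count;
    const uint32_t *tx_chs, *rx_chs; /* one entry per reported stream */
};

/* Returns 0 on success, -EINVAL if either count exceeds the tables. */
int detect_stream_formats_checked(struct dice_formats *out,
                                  const struct device_report *rep)
{
    uint32_t i;

    /* Reject before touching 'out': both counts are device-controlled. */
    if (rep->tx_count > MAX_STREAMS || rep->rx_count > MAX_STREAMS)
        return -EINVAL;

    memset(out, 0, sizeof(*out));
    for (i = 0; i < rep->tx_count; i++)
        out->tx_pcm_chs[i] = rep->tx_chs[i];
    for (i = 0; i < rep->rx_count; i++)
        out->rx_pcm_chs[i] = rep->rx_chs[i];
    return 0;
}

int main(void)
{
    /* Constructed sample: a device claiming 64 TX streams is refused. */
    const uint32_t chs[MAX_STREAMS] = {2, 2, 8, 8, 2};
    struct device_report bad = {64, 1, chs, chs};
    struct dice_formats f;

    return detect_stream_formats_checked(&f, &bad) == -EINVAL ? 0 : 1;
}
```

Without the count check, the copy loops would index past the fixed-size tables using a value the device chose, which is the out-of-bounds write the description refers to.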
Exploit
Memory Corruption
Buffer Overflow
Related Identifiers
Affected Products
Alsa
Debian
Digital Interface Communication Engine
Firewire
Linuxmint
Linux Kernel
Ubuntu