PT-2026-2515 · Linux+2 · Linux Kernel+2
Published: 2025-12-17 · Updated: 2026-05-11 · CVE-2025-68783
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel’s ALSA subsystem contains a flaw within the usb-mixer component, specifically in the us16x08 driver. The get_meter_levels_from_urb() function processes meter packets received from devices and populates arrays (meter_level[], comp_level[], and master_level[]) within the snd_us16x08_meter_store structure. Currently, the function calculates the channel index directly from the meter packet without range validation. This can lead to out-of-bounds writes to these arrays if a device sends a packet with a negative or out-of-range channel number. The issue is addressed by introducing a local channel variable and validating it before updating the arrays, rejecting negative indices and limiting array access to defined boundaries.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
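The index validation outlined in the Description, shown as an added user-space example that is not the kernel's own code or the upstream patch. The struct and function names, the array sizes, the level kinds and the 1-based channel byte are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model. Names and array sizes are assumptions made
 * for this example; they are not the kernel's definitions. */
#define MODEL_CHANNELS 16
#define MODEL_MASTERS  2
enum level_kind { KIND_METER, KIND_COMP, KIND_MASTER };

struct meter_store_model {
	int meter_level[MODEL_CHANNELS];
	int comp_level[MODEL_CHANNELS];
	int master_level[MODEL_MASTERS];
};

/* Unvalidated pattern: the index comes straight from a device-controlled
 * byte (assumed 1-based here). 0 gives index -1, 200 gives index 199. */
void store_unchecked(struct meter_store_model *st, uint8_t pkt_chan, int val)
{
	st->meter_level[pkt_chan - 1] = val;
}

/* Validated pattern: compute a local channel, reject negative values and
 * anything at or beyond the bound of the array being written.
 * Returns 0 if stored, -1 if the packet was rejected. */
int store_checked(struct meter_store_model *st, enum level_kind kind,
		  uint8_t pkt_chan, int val)
{
	int channel = (int)pkt_chan - 1;
	int *dst = kind == KIND_METER ? st->meter_level :
		   kind == KIND_COMP ? st->comp_level : st->master_level;
	int limit = kind == KIND_MASTER ? MODEL_MASTERS : MODEL_CHANNELS;

	if (channel < 0 || channel >= limit)
		return -1;
	dst[channel] = val;
	return 0;
}

int main(void)
{
	/* Constructed channel bytes: valid, zero (index -1), far out of range. */
	const uint8_t samples[] = { 1, 16, 0, 17, 200 };
	static struct meter_store_model st;

	for (size_t i = 0; i < sizeof(samples); i++)
		printf("chan byte %3u -> %s\n", (unsigned)samples[i],
		       store_checked(&st, KIND_METER, samples[i], 42) ? "rejected" : "stored");
	return 0;
}
```

Each array is checked against its own bound, so an index that is valid for the per-channel arrays is still rejected for the smaller master array.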
Exploit
RCE
Affected Products
Linuxmint
Linux Kernel
Ubuntu