| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090403-CVE-2025-38729-ca88@gregkh> Date: Thu, 4 Sep 2025 17:33:34 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38729: ALSA: usb-audio: Validate UAC3 power domain descriptors, too From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too. The Linux kernel CVE team has assigned CVE-2025-38729 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 5.4.297 with commit 1666207ba0a5973735ef010812536adde6174e81 Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 5.10.241 with commit ebc9e06b6ea978a20abf9b87d41afc51b2d745ac Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 5.15.190 with commit f03418bb9d542f44df78eec2eff4ac83c0a8ac0d Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.1.149 with commit 40714daf4d0448e1692c78563faf0ed0f9d9b5c7 Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.6.103 with commit 07c8d78dbb5e0ff8b23f7fd69cd1d4e2ba22b3dc Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.12.43 with commit cd08d390d15b204cac1d3174f5f149a20c52e61a Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.15.11 with commit 29b415ec09f5b9d1dfa2423b826725a8c8796b9a Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.16.2 with commit 452ad54f432675982cc0d6eb6c40a6c86ac61dbd Issue introduced in 4.17 with commit 9a2fe9b801f585baccf8352d82839dcd54b300cf and fixed in 6.17-rc2 with commit d832ccbc301fbd9e5a1d691bdcf461cdb514595f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38729 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/usb/validate.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1666207ba0a5973735ef010812536adde6174e81 https://git.kernel.org/stable/c/ebc9e06b6ea978a20abf9b87d41afc51b2d745ac https://git.kernel.org/stable/c/f03418bb9d542f44df78eec2eff4ac83c0a8ac0d https://git.kernel.org/stable/c/40714daf4d0448e1692c78563faf0ed0f9d9b5c7 https://git.kernel.org/stable/c/07c8d78dbb5e0ff8b23f7fd69cd1d4e2ba22b3dc https://git.kernel.org/stable/c/cd08d390d15b204cac1d3174f5f149a20c52e61a https://git.kernel.org/stable/c/29b415ec09f5b9d1dfa2423b826725a8c8796b9a https://git.kernel.org/stable/c/452ad54f432675982cc0d6eb6c40a6c86ac61dbd https://git.kernel.org/stable/c/d832ccbc301fbd9e5a1d691bdcf461cdb514595f
Powered by blists - more mailing lists