
CVE-2025-38249 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()

In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without validation. This length is controlled by the USB device. The allocated buffer is cast to a uac3_cluster_header_descriptor and its fields are accessed without verifying that the buffer is large enough. If the device returns a smaller than expected length, this leads to an out-of-bounds read.

Add a length check to ensure the buffer is large enough for uac3_cluster_header_descriptor.
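The bug pattern and its fix, modelled in plain C as an added example (this is not code from the kernel tree or from this record): struct cluster_header is a simplified, constructed stand-in for uac3_cluster_header_descriptor, and fake_device stands in for the two USB control transfers whose reported length the device controls.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the kernel's uac3_cluster_header_descriptor
 * (constructed for this example; the field layout is illustrative). */
struct cluster_header {
    uint16_t wLength;
    uint8_t  bDescriptorType;
    uint8_t  bDescriptorSubtype;
    uint8_t  bNrChannels;
} __attribute__((packed));

/* Constructed stand-in for the control transfers: the device picks the length it reports. */
struct fake_device {
    uint16_t       reported_len;   /* device-controlled, as in the real bug */
    const uint8_t *body;           /* holds at least reported_len bytes */
};

/* Constructed sample replies: a valid 5-byte header advertising 2 channels, and a 2-byte one. */
static const uint8_t good_body[5]  = { 0x05, 0x00, 0x24, 0x01, 0x02 };
static const uint8_t short_body[2] = { 0x02, 0x00 };
const struct fake_device good_dev  = { 5, good_body };
const struct fake_device short_dev = { 2, short_body };

/* Vulnerable pattern: the device-supplied length sizes the allocation and the buffer is
 * cast to the header without a size check; a reply shorter than the header is read past its end. */
int channels_unchecked(const struct fake_device *dev)
{
    uint16_t len = dev->reported_len;
    uint8_t *buf = calloc(1, len);
    if (!buf) return -1;
    memcpy(buf, dev->body, len);
    int channels = ((struct cluster_header *)buf)->bNrChannels; /* OOB read if len < 5 */
    free(buf);
    return channels;
}

/* Hardened pattern: validate the length against the header size before allocating,
 * so the cast can never read beyond the buffer. Returns -1 for a rejected reply. */
int channels_checked(const struct fake_device *dev)
{
    uint16_t len = dev->reported_len;
    if (len < sizeof(struct cluster_header)) return -1; /* the added length check */
    uint8_t *buf = calloc(1, len);
    if (!buf) return -1;
    memcpy(buf, dev->body, len);
    int channels = ((struct cluster_header *)buf)->bNrChannels;
    free(buf);
    return channels;
}
```

Only channels_checked is safe to call with short_dev; the unchecked variant is kept purely to show the missing comparison.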


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools


URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0ee87c2814deb5e42921281116ac3abcb326880b kernel.org
https://git.kernel.org/stable/c/11e740dc1a2c8590eb7074b5c4ab921bb6224c36 kernel.org
https://git.kernel.org/stable/c/24ff7d465c4284529bbfa207757bffb6f44b6403 kernel.org
https://git.kernel.org/stable/c/2dc1c3edf67abd30c757f8054a5da61927cdda21 kernel.org
https://git.kernel.org/stable/c/6eb211788e1370af52a245d4d7da35c374c7b401 kernel.org
https://git.kernel.org/stable/c/74fcb3852a2f579151ce80b9ed96cd916ba0d5d8 kernel.org
https://git.kernel.org/stable/c/c3fb926abe90d86f5e3055e0035f04d9892a118b kernel.org
https://git.kernel.org/stable/c/fb4e2a6e8f28a3c0ad382e363aeb9cd822007b8a kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found

Quick Info

CVE Dictionary Entry:
CVE-2025-38249
NVD Published Date:
07/09/2025
NVD Last Modified:
07/17/2025
Source:
kernel.org