VDB

DEBIAN-CVE-2025-39757

DEBIAN-CVE-2025-39757 PUBLISHED CVSS 7.099999904632568 HIGH

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.38-1, 6.12.41-1
Debian:12linux6.1.38-2~bpo11+1, 6.1.38-3, 6.1.38-4
Debian:14linux6.15.1-1, 6.12.41-1, 6.12.43-1~bpo12+1
Debian:11linux*, 5.10.103-1, 5.10.103-1~bpo10+1
Debian:11linux-6.10, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2

Exploit Intelligence

Timeline

  • Sep 11, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›