ГлавнаяУязвимости → CVE-2025-39757
7.1высокая

CVE-2025-39757

→ есть в БДУ: BDU:2025-15543 (на русском)
Описание (на английском; русское — в БДУ выше)

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Затрагиваемое ПО
Linux Linux kernelDebian Debian linux
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Источники
https://git.kernel.org/stable/c/1034719fdefd26caeec0a44a868bb5a412c2c1a5https://git.kernel.org/stable/c/275e37532e8ebe25e8a4069b2d9f955bfd202a46https://git.kernel.org/stable/c/47ab3d820cb0a502bd0074f83bb3cf7ab5d79902https://git.kernel.org/stable/c/786571b10b1ae6d90e1242848ce78ee7e1d493c4https://git.kernel.org/stable/c/799c06ad4c9c790c265e8b6b94947213f1fb389chttps://git.kernel.org/stable/c/7ef3fd250f84494fb2f7871f357808edaa1fc6cehttps://git.kernel.org/stable/c/ae17b3b5e753efc239421d186cd1ff06e5ac296ehttps://git.kernel.org/stable/c/dfdcbcde5c20df878178245d4449feada7d5b201