CVE-2025-38078

ALSA: pcm: Fix race of buffer access at PCM OSS layer

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at
initialization (or reconfiguration) of a stream with the explicit call
of snd_pcm_format_set_silence() with runtime->dma_area. But this may
lead to a UAF because the accessed runtime->dma_area might be freed
concurrently, as it's performed outside the PCM ops. For avoiding it, move the code into the PCM core and perform it inside
the buffer access lock, so that it won't be changed during the
operation.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-06-18 CVE Published
2025-06-18 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f	2025-06-04
https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25	2025-06-04
https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf	2025-06-04
https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a	2025-06-04
https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455	2025-06-04
https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4	2025-05-29
https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470	2025-05-29
https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73	2025-05-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.294 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.238 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.185 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.185"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.141 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.141"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.93 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.12.31 Search vendor "Linux" for product "Linux Kernel" and version " < 6.12.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.14.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.14.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.15 Search vendor "Linux" for product "Linux Kernel" and version " < 6.15"		en		Affected