CVE-2025-38078

MEDIUM

Linux Kernel - Use-After-Free in PCM OSS Layer Buffer Access

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix race of buffer access at PCM OSS layer

The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops.

For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation.

Scores

CVSS v3 4.7
EPSS 0.0007
EPSS Percentile 21.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-362
Status published
Products (28)
debian/debian_linux 11.0
linux/Kernel 2.6.12 - 5.4.294
linux/Kernel 5.11.0 - 5.15.185
linux/Kernel 5.16.0 - 6.1.141
linux/Kernel 5.5.0 - 5.10.238
linux/Kernel 6.13.0 - 6.14.9
linux/Kernel 6.2.0 - 6.6.93
linux/Kernel 6.7.0 - 6.12.31
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 10217da9644ae75cea7330f902c35fc5ba78bbbf
... and 18 more
Published Jun 18, 2025
Tracked Since Feb 18, 2026