CVE-2025-68347

Linux Kernel 5.16.0-6.17.12 - Buffer Overflow in ALSA FireWire Motu DSP Event Handler

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header size (8 bytes). Fix by using min_t() to clamp the copy size, This ensures we never copy more than the user requested.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/16620f0617400746984362c3d6ac547eeae1d35f

Patch

https://git.kernel.org/stable/c/ddd32ec66bc4eb6969fe835e4cc1c0706c6348fe

Patch

https://git.kernel.org/stable/c/6275fd726d53a8ec724f20201cf3bd862711e17b

Patch

https://git.kernel.org/stable/c/161291bac551821bba98eb4ea84c82338578d1b0

Patch

https://git.kernel.org/stable/c/cdda0d06f8650e33255f79839f188bbece44117c

Patch

https://git.kernel.org/stable/c/210d77cca3d0494ed30a5c628b20c1d95fa04fb1

Scores

EPSS 0.0006

EPSS Percentile 18.8%

Details

Status published

Products (19)

linux/Kernel 5.16.0 - 6.1.160linux

linux/Kernel 6.13.0 - 6.17.13linux

linux/Kernel 6.18.0 - 6.18.2linux

linux/Kernel 6.2.0 - 6.6.120linux

linux/Kernel 6.7.0 - 6.12.63linux

Linux/Linux < 5.16

Linux/Linux 5.16

Linux/Linux 6.1.160 - 6.1.*

Linux/Linux 6.12.63 - 6.12.*

Linux/Linux 6.17.13 - 6.17.*

... and 9 more

Published Dec 24, 2025

Tracked Since Feb 18, 2026