cvedb.io
CVE-2025-38729
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-09-04T16:15:43.013 · Last modified 2026-06-17T09:17:45.230

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.

Affected products

linux — linux_kernel

Does this affect you?

Add your gear to cvedb and we'll alert you only when linux ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.