CVE-2025-68346 - Vulnerability Details

- ALSA: dice: fix buffer overflow in detect_stream_formats()

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly
from a FireWire device without validating it. This can lead to
out-of-bounds writes when a malicious device provides a stream_count value
greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in
detect_stream_formats().

Published: 2025-12-24

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< d6280a5b00cad37d9a9a875849e5bf7ed2fe4950
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< 3cf854cec0eb371da47ff5fe56eab189d7fa623a
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< 4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< 932aa1e80b022419cf9710e970739b7a8794f27c
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< 1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9
`58579c056c1c9510ae6695ed8e01ee05bbdcfb23`	affected	< 324f3e03e8a85931ce0880654e3c3eb38b0f0bba

Linux

affected

Version	Status	Constraints
`4.18`	affected	—
`0`	unaffected	< 4.18
`5.10.248`	unaffected	≤ 5.10.*
`5.15.198`	unaffected	≤ 5.15.*
`6.1.160`	unaffected	≤ 6.1.*
`6.6.120`	unaffected	≤ 6.6.*
`6.12.63`	unaffected	≤ 6.12.*
`6.17.13`	unaffected	≤ 6.17.*
`6.18.2`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4475-1	linux security update
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6127-1	linux security update
Ubuntu USN	USN-8094-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8094-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-4	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8096-5	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8116-1	Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN	USN-8094-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8094-4	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8094-5	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8152-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8179-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8184-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8179-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8185-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8179-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8203-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-8204-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-8185-2	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8179-4	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8258-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8260-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities
Ubuntu USN	USN-8265-1	Linux kernel (NVIDIA Tegra) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00085.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9
https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba
https://git.kernel.org/stable/c/3cf854cec0eb371da47ff5fe56eab189d7fa623a
https://git.kernel.org/stable/c/4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4
https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c
https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6
https://git.kernel.org/stable/c/d6280a5b00cad37d9a9a875849e5bf7ed2fe4950
https://git.kernel.org/stable/c/dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0
https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68346-10ef@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68346
https://www.cve.org/CVERecord?id=CVE-2025-68346

History

Mon, 19 Jan 2026 12:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/3cf854cec0eb371da47ff5fe56eab189d7fa623a https://git.kernel.org/stable/c/d6280a5b00cad37d9a9a875849e5bf7ed2fe4950

Sun, 11 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4 https://git.kernel.org/stable/c/dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0

Thu, 25 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68346-10ef@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68346 https://www.cve.org/CVERecord?id=CVE-2025-68346
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Wed, 24 Dec 2025 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().
Title		ALSA: dice: fix buffer overflow in detect_stream_formats()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9 https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T10:32:39.101Z

Updated: 2026-05-11T21:51:25.174Z

Reserved: 2025-12-16T14:48:05.299Z

Link: CVE-2025-68346

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-24T11:15:57.947

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-68346

Redhat

Severity : Important

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2025-68346 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object