ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
The DSP event handling code in hwdep_read() could write more bytes to
the user buffer than requested, when a user provides a buffer smaller
than the event header size (8 bytes).
Fix by using min_t() to clamp the copy size, This ensures we never copy
more than the user requested.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux | unaffected |
|
|||||||||||||||||||||||||||
| Linux | Linux | affected |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-4476-1 | linux-6.1 security update |
 Debian DSA |
DSA-6127-1 | linux security update |
 Ubuntu USN |
USN-8094-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8094-2 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8094-3 | Linux kernel (Real-time) vulnerabilities |
| Ubuntu USN |
USN-8094-4 | Linux kernel (Azure) vulnerabilities |
| Ubuntu USN |
USN-8094-5 | Linux kernel (Raspberry Pi) vulnerabilities |
| Ubuntu USN |
USN-8152-1 | Linux kernel (OEM) vulnerabilities |
| Ubuntu USN |
USN-8179-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8184-1 | Linux kernel (Real-time) vulnerabilities |
| Ubuntu USN |
USN-8179-2 | Linux kernel (FIPS) vulnerabilities |
| Ubuntu USN |
USN-8185-1 | Linux kernel (NVIDIA) vulnerabilities |
| Ubuntu USN |
USN-8179-3 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8203-1 | Linux kernel (Oracle) vulnerabilities |
| Ubuntu USN |
USN-8204-1 | Linux kernel (Raspberry Pi Real-time) vulnerabilities |
| Ubuntu USN |
USN-8185-2 | Linux kernel (Low Latency NVIDIA) vulnerabilities |
| Ubuntu USN |
USN-8179-4 | Linux kernel (GCP) vulnerabilities |
| Ubuntu USN |
USN-8258-1 | Linux kernel (Azure) vulnerabilities |
| Ubuntu USN |
USN-8260-1 | Linux kernel (Azure FIPS) vulnerabilities |
| Ubuntu USN |
USN-8261-1 | Linux kernel (Xilinx) vulnerabilities |
| Ubuntu USN |
USN-8265-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
Sun, 11 Jan 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Fri, 26 Dec 2025 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 24 Dec 2025 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller than the event header size (8 bytes). Fix by using min_t() to clamp the copy size, This ensures we never copy more than the user requested. | |
| Title | ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-05-11T21:51:26.312Z
Reserved: 2025-12-16T14:48:05.299Z
Link: CVE-2025-68347
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2025-12-24T11:15:58.050
Modified: 2026-04-15T00:35:42.020
Link: CVE-2025-68347
Redhat
OpenCVE Enrichment
No data.
No weakness.