VYPR
High severity7.1NVD Advisory· Published Sep 11, 2025· Updated Jun 17, 2026

CVE-2025-39757

CVE-2025-39757

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

200

Patches

Vulnerability mechanics

References

12

News mentions

1