VYPR
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2025-68346

CVE-2025-68346

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

106

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.