CVE-2025-68347

A buffer overflow vulnerability was found in the Linux kernel's ALSA firewire-motu driver, specifically in the hwdep_read() function for DSP events. The root cause is that when a user provides a buffer smaller than the event header size (8 bytes), the function copies more bytes than requested, leading to an out-of-bounds write on the user buffer.

Exploitation

To trigger this bug, an attacker would need local access to a system with a FireWire MOTU audio device and the ability to read from the hwdep character device. The exploit path involves deliberately providing a buffer smaller than 8 bytes to hwdep_read(), causing the copy operation to write beyond the user-supplied memory.

Impact

Successful exploitation could permit a local attacker to corrupt heap metadata or other sensitive data, potentially leading to privilege escalation or a denial-of-service (system crash). The buffer overflow overwrites memory beyond the intended buffer, making it a classical memory safety issue.

Mitigation

The fix is included in the Linux kernel stable branches, applying a min_t() boundary check to clamp the copy size to the user-requested length [1][2]. Users should update to the latest patched kernel versions.