fkie_cve-2025-38078
Vulnerability from fkie_nvd
Published
2025-06-18 10:15
Modified
2025-06-18 13:46
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops. For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime-\u003edma_area.  But this may\nlead to a UAF because the accessed runtime-\u003edma_area might be freed\nconcurrently, as it\u0027s performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won\u0027t be changed during the\noperation."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: pcm: Correcci\u00f3n de la ejecuci\u00f3n de acceso al b\u00fafer en la capa PCM OSS. La capa PCM OSS intenta borrar el b\u00fafer con los datos de silencio durante la inicializaci\u00f3n (o reconfiguraci\u00f3n) de un flujo mediante la llamada expl\u00edcita a snd_pcm_format_set_silence() con runtime-\u0026gt;dma_area. Sin embargo, esto puede generar una UAF, ya que el acceso a runtime-\u0026gt;dma_area podr\u00eda liberarse simult\u00e1neamente, ya que se realiza fuera de las operaciones PCM. Para evitarlo, mueva el c\u00f3digo al n\u00facleo PCM y ejec\u00fatelo dentro del bloqueo de acceso al b\u00fafer, de modo que no se modifique durante la operaci\u00f3n. "
    }
  ],
  "id": "CVE-2025-38078",
  "lastModified": "2025-06-18T13:46:52.973",
  "metrics": {},
  "published": "2025-06-18T10:15:41.380",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.