Home

CVE-2025-38078

Description

In the Linux kernel, the following vulnerability has been resolved:ALSA: pcm: Fix race of buffer access at PCM OSS layerThe PCM OSS layer tries to clear the buffer with the silence data atinitialization (or reconfiguration) of a stream with the explicit callof snd_pcm_format_set_silence() with runtime->dma_area. But this maylead to a UAF because the accessed runtime->dma_area might be freedconcurrently, as its performed outside the PCM ops.For avoiding it, move the code into the PCM core and perform it insidethe buffer access lock, so that it wont be changed during theoperation.

Risk Information

Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.024

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-devel-debuginfo-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-devel-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-debugsource-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-debuginfo-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-azure-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-syms-azure-6.4.0-150600.8.43.1.x86_64.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-source-azure-6.4.0-150600.8.43.1.noarch.rpmLinux
SUSE-SU-2025:02249-1(Public Cloud Module 15 SP6) SUSE-SU-2025:02249-1 kernel-devel-azure-6.4.0-150600.8.43.1.noarch.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-source-azure-6.4.0-150700.20.6.1.noarch.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-syms-azure-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debuginfo-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-debugsource-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-azure-devel-debuginfo-6.4.0-150700.20.6.1.x86_64.rpmLinux
SUSE-SU-2025:02254-1(Public Cloud Module 15 SP7) kernel-devel-azure-6.4.0-150700.20.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) reiserfs-kmp-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-syms-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Legacy Module 15 SP7) kernel-default-debugsource-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-base-6.4.0-150700.53.6.1.150700.17.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-source-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-devel-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-debugsource-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-docs-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-default-debuginfo-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Development Tools Module 15 SP7) kernel-obs-build-6.4.0-150700.53.6.1.x86_64.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-devel-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02307-1(Basesystem Module 15 SP7) kernel-macros-6.4.0-150700.53.6.1.noarch.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-devel-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-debugsource-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-devel-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-base-6.4.0-150600.23.60.5.150600.12.26.4.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-default-devel-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Legacy Module 15 SP6) reiserfs-kmp-default-debuginfo-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Legacy Module 15 SP6) reiserfs-kmp-default-6.4.0-150600.23.60.5.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-syms-6.4.0-150600.23.60.4.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-source-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-obs-build-debugsource-6.4.0-150600.23.60.3.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-obs-build-6.4.0-150600.23.60.3.x86_64.rpmLinux
SUSE-SU-2025:02538-1(Basesystem Module 15 SP6) kernel-macros-6.4.0-150600.23.60.4.noarch.rpmLinux
SUSE-SU-2025:02538-1(Development Tools Module 15 SP6) kernel-docs-6.4.0-150600.23.60.3.noarch.rpmLinux
Kernel-uek-debug update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-debug-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-debug-devel-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
Kernel-uek update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-doc-5.4.17-2136.346.6.el8uek.noarch.rpmLinux
Kernel-uek-container update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-container-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-devel-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
Kernel-uek-container-debug update (ELSA-2025-20521) ELSA-2025-20521 kernel-uek-container-debug-5.4.17-2136.346.6.el8uek.x86_64.rpmLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-cpupower_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-doc_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-doc-6.1_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-686-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-686-pae-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-cpupower_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-amd64-signed-template_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-cloud-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-i386-signed-template_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-rt-686-pae-dbg_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-rt-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-image-amd64-dbg_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-config-6.1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-config-6.1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-compiler-gcc-12-x86_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-kbuild-6.1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower1_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower-dev_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 libcpupower-dev_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 hyperv-daemons_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 hyperv-daemons_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 bpftool_7.1.0+6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-compiler-gcc-12-x86_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 usbip_2.0+6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 usbip_2.0+6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 rtla_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 rtla_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-source-6.1_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-source_6.1.147-1_all.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-libc-dev_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 bpftool_7.1.0+6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-libc-dev_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-perf_6.1.147-1_amd64.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-kbuild-6.1_6.1.147-1_i386.debLinux
linux security update(DSA-5973-1) DSA-5973-1 linux-perf_6.1.147-1_i386.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234