More information about this CVE will likely be available in a few days

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().

Related CPE's

Could not find any relations

References

https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9

https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba

https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c

https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6

Weaknesses

Could not find any weaknesses

CVSS impact metrics

Could not find any metrics

Information

Source identifier

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability status

Received

Published

2025-12-24T11:15:57.947

2 hours ago

Last modified

2025-12-24T11:15:57.947

2 hours ago