Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: dice: fix buffer overflow in detect_stream_formats() The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().

INFO

Published Date :

2025-12-24T10:32:39.101Z

Last Modified :

2026-02-09T08:31:35.157Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68346 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68346.

URL Resource
https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9 cve-icon cve-icon
https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba cve-icon cve-icon
https://git.kernel.org/stable/c/3cf854cec0eb371da47ff5fe56eab189d7fa623a cve-icon cve-icon
https://git.kernel.org/stable/c/4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4 cve-icon cve-icon
https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c cve-icon cve-icon
https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6 cve-icon cve-icon
https://git.kernel.org/stable/c/d6280a5b00cad37d9a9a875849e5bf7ed2fe4950 cve-icon cve-icon
https://git.kernel.org/stable/c/dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68346-10ef@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68346 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68346 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact