CVE-2025-68753

In the Linux kernel, the following vulnerability has been resolved:

ALSA: firewire-motu: add bounds check in put_user loop for DSP events

In the DSP event handling code, a put_user() loop copies event data.
When the user buffer size is not aligned to 4 bytes, it could overwrite
beyond the buffer boundary.

Fix by adding a bounds check before put_user().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.247-1
fixed
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
forky
6.17.13-1
fixed
sid
6.18.3-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0d71b3c2ed742f1ccb3b0b7a61afb90c0251093f
https://git.kernel.org/stable/c/298e753880b6ea99ac30df34959a7a03b0878eed
https://git.kernel.org/stable/c/8f9e51cf2a2a43d0cd72d3dc0b5ccea3f639c187
https://git.kernel.org/stable/c/df692cf2b601a54b34edfdb9e683d67483aa8ce1