vulnerability
Debian: CVE-2025-38078: linux, linux-6.1 -- security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:N/I:N/A:C) | Jun 18, 2025 | Jun 20, 2025 | Mar 30, 2026 |
Severity
4
CVSS
(AV:L/AC:M/Au:S/C:N/I:N/A:C)
Published
Jun 18, 2025
Added
Jun 20, 2025
Modified
Mar 30, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix race of buffer access at PCM OSS layer
The PCM OSS layer tries to clear the buffer with the silence data at
initialization (or reconfiguration) of a stream with the explicit call
of snd_pcm_format_set_silence() with runtime->dma_area. But this may
lead to a UAF because the accessed runtime->dma_area might be freed
concurrently, as it's performed outside the PCM ops.
For avoiding it, move the code into the PCM core and perform it inside
the buffer access lock, so that it won't be changed during the
operation.
Solutions
debian-upgrade-linuxdebian-upgrade-linux-6-1
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.