vulnerability

Ubuntu: (Multiple Advisories) (CVE-2025-37891): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	May 19, 2025	Jun 26, 2025	Feb 13, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

May 19, 2025

Added

Jun 26, 2025

Modified

Feb 13, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: ump: Fix buffer overflow at UMP SysEx message conversion

The conversion function from MIDI 1.0 to UMP packet contains an
internal buffer to keep the incoming MIDI bytes, and its size is 4, as
it was supposed to be the max size for a MIDI1 UMP packet data.
However, the implementation overlooked that SysEx is handled in a
different format, and it can be up to 6 bytes, as found in
do_convert_to_ump(). It leads eventually to a buffer overflow, and
may corrupt the memory when a longer SysEx message is received.

The fix is simply to extend the buffer size to 6 to fit with the SysEx
UMP message.

Solutions

ubuntu-upgrade-linux-image-6-14-0-1006-realtimeubuntu-upgrade-linux-image-6-14-0-1007-oemubuntu-upgrade-linux-image-6-14-0-1009-awsubuntu-upgrade-linux-image-6-14-0-1009-aws-64kubuntu-upgrade-linux-image-6-14-0-1009-oracleubuntu-upgrade-linux-image-6-14-0-1009-oracle-64kubuntu-upgrade-linux-image-6-14-0-1009-raspiubuntu-upgrade-linux-image-6-14-0-1010-azureubuntu-upgrade-linux-image-6-14-0-1011-gcpubuntu-upgrade-linux-image-6-14-0-1011-gcp-64kubuntu-upgrade-linux-image-6-14-0-24-genericubuntu-upgrade-linux-image-6-14-0-24-generic-64kubuntu-upgrade-linux-image-6-8-0-100-genericubuntu-upgrade-linux-image-6-8-0-100-generic-64kubuntu-upgrade-linux-image-6-8-0-1047-gcpubuntu-upgrade-linux-image-6-8-0-1047-gcp-64kubuntu-upgrade-linux-image-6-8-0-1047-raspiubuntu-upgrade-linux-image-6-8-1-1041-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-6-14ubuntu-upgrade-linux-image-aws-64kubuntu-upgrade-linux-image-aws-64k-6-14ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-6-14ubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-6-14ubuntu-upgrade-linux-image-gcp-6-8ubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-6-14ubuntu-upgrade-linux-image-gcp-64k-6-8ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-6-14ubuntu-upgrade-linux-image-generic-6-8ubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-6-14ubuntu-upgrade-linux-image-generic-64k-6-8ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-intel-iotgubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04cubuntu-upgrade-linux-image-oem-6-14ubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-6-14ubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-6-14ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-6-14ubuntu-upgrade-linux-image-raspi-6-8ubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-6-14ubuntu-upgrade-linux-image-realtime-6-8-1ubuntu-upgrade-linux-image-realtime-hwe-22-04ubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-6-14ubuntu-upgrade-linux-image-virtual-6-8ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today