Updated: 2026-02-27 01:27:28.369891
Description:
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | kernel | 2.6.32 | 7.1 | HIGH | Released | CLSA-2025:1748366748 | 2025-06-10 00:31:17 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2025:1762332910 | 2025-11-21 21:24:58 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1747688514 | 2025-05-21 01:45:19 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1747688831 | 2025-05-21 01:45:20 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.1 | HIGH | Needs Triage | 2025-08-30 11:25:46 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Ignored | 2025-11-07 22:59:40 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.1 | HIGH | Released | CLSA-2025:1748365686 | 2025-05-28 00:31:36 | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2025:1762244592 | 2025-11-05 04:57:48 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.1 | HIGH | Already Fixed | 2025-12-18 20:27:17 | ||
| RHEL 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2025:1762244848 | 2025-11-05 04:57:46 |