Updated: 2026-01-08 03:26:06.88751
Description:
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwise malicious firmware may lead to the unexpected OOB accesses.

Links: NIST, CIRCL, RHEL, Ubuntu

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.1 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.1 | HIGH | Released | CLSA-2025:1762171389 | 2025-11-03 17:12:36 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | In Testing | | 2026-01-05 20:08:01 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1763731262 | 2025-11-21 21:34:21 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1763734783 | 2025-11-21 21:34:23 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1763722365 | 2025-11-21 21:34:20 | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Ignored | | 2025-12-27 04:44:13 | CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo... |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2026:1767867153 | 2026-01-08 16:47:36 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.1 | HIGH | Needs Triage | | 2025-12-16 15:33:50 | |
| RHEL 7 ELS | kernel | 3.10.0 | 7.1 | HIGH | Released | CLSA-2026:1767867718 | 2026-01-08 16:45:03 | |
| Ubuntu 20.04 ELS | linux | 5.4.0 | 7.1 | HIGH | Needs Triage | | 2025-12-09 19:09:15 | |