{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68346","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.299Z","datePublished":"2025-12-24T10:32:39.101Z","dateUpdated":"2026-05-11T21:51:25.174Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:51:25.174Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: dice: fix buffer overflow in detect_stream_formats()\n\nThe function detect_stream_formats() reads the stream_count value directly\nfrom a FireWire device without validating it. This can lead to\nout-of-bounds writes when a malicious device provides a stream_count value\ngreater than MAX_STREAMS.\n\nFix by applying the same validation to both TX and RX stream counts in\ndetect_stream_formats()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/firewire/dice/dice-extension.c"],"versions":[{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"d6280a5b00cad37d9a9a875849e5bf7ed2fe4950","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"3cf854cec0eb371da47ff5fe56eab189d7fa623a","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"932aa1e80b022419cf9710e970739b7a8794f27c","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9","status":"affected","versionType":"git"},{"version":"58579c056c1c9510ae6695ed8e01ee05bbdcfb23","lessThan":"324f3e03e8a85931ce0880654e3c3eb38b0f0bba","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["sound/firewire/dice/dice-extension.c"],"versions":[{"version":"4.18","status":"affected"},{"version":"0","lessThan":"4.18","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d6280a5b00cad37d9a9a875849e5bf7ed2fe4950"},{"url":"https://git.kernel.org/stable/c/3cf854cec0eb371da47ff5fe56eab189d7fa623a"},{"url":"https://git.kernel.org/stable/c/4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4"},{"url":"https://git.kernel.org/stable/c/dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0"},{"url":"https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6"},{"url":"https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c"},{"url":"https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9"},{"url":"https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba"}],"title":"ALSA: dice: fix buffer overflow in detect_stream_formats()","x_generator":{"engine":"bippy-1.2.0"}}}}