CVE-2025-68344

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fix integer overflow in sample size validation The wavefront_send_sample() function has an integer overflow issue when validating sample size. The header->size field is u32 but gets cast to int for comparison with dev->freemem Fix by using unsigned comparison to avoid integer overflow.

References

https://git.kernel.org/stable/c/d2f5d8cf1eadb7b33e476f59aa9c6653e4f2b937

https://git.kernel.org/stable/c/bca11de0a277b8baeb7d006f93b543c907b6e782

https://git.kernel.org/stable/c/5588b7c86effffa9bb55383a38800649d7b40778

https://git.kernel.org/stable/c/4f811071e702fbb74933526e2fbadf8c4ed0c0c4

https://git.kernel.org/stable/c/488bf86d60077f52810c60dbdf7468c277880167

https://git.kernel.org/stable/c/1823e08f76c68b9e1d26f6d5ef831b96f61a62a0

https://git.kernel.org/stable/c/0c4a13ba88594fd4a27292853e736c6b4349823d

https://git.kernel.org/stable/c/02b63f3bc29265bd9e83191792d200ed563acacf

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2026-01-19

Risk Information

CVSS v2

Base Score: 5.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Severity: Medium

EPSS

EPSS: 0.00018