The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is     transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet sizes     are limited by some factors such as wMaxPacketSize USB descriptor. OTOH, in the current code, the actually     used packet sizes are determined only by the rate and the PPS, which may be bigger than the size limit     above. This results in a buffer overflow, as reported by syzbot. Basically when the limit is smaller than     the calculated packet size, it implies that something is wrong, most likely a weird USB descriptor. So the     best option would be just to return an error at the parameter setup time before doing any further     operations. This patch introduces such a sanity check, and returns -EINVAL when the packet size is greater     than maxpacksize. The comparison with ep->packsize[1] alone should suffice since it's always equal or     greater than ep->packsize[0]. (CVE-2025-40269)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-40269

medium Nessus Plugin ID 277712

Version 1.4

Version 1.3

Version 1.2

Version 1.4 Dec 13, 2025, 1:08 AM CVSS metrics ("CVSSv3 score" set to 4.3) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H") Detection (updated detection logic) Plugin metadata Plugin Feed: 202512130108
Version 1.3 Dec 10, 2025, 9:29 AM CVSS metrics ("CVSSv3 score" set to 5.9) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H") CVSSv3 severity (based on None, severity decreased from "High" to "Medium") Detection (updated detection logic) Plugin metadata Plugin Feed: 202512100929
Version 1.2 Dec 9, 2025, 2:31 AM CVSS metrics ("CVSSv2 score" set to 7.2. "CVSSv2 vector" set to "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C". "CVSSv3 score" set to 7.1. "CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H") CVSSv2 severity (based on CVE-2025-40269, severity increased from "Medium" to "High") CVSSv3 severity (based on None, severity increased from "Medium" to "High") Detection (updated detection logic) New Plugin metadata Plugin Feed: 202512090231