{"id":"CVE-2025-38078","summary":"ALSA: pcm: Fix race of buffer access at PCM OSS layer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime-\u003edma_area.  But this may\nlead to a UAF because the accessed runtime-\u003edma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation.","modified":"2026-04-02T12:47:47.396885Z","published":"2025-06-18T09:33:52.644Z","related":["SUSE-SU-2025:02249-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02335-1","SUSE-SU-2025:02538-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20475-1","SUSE-SU-2025:20483-1","SUSE-SU-2025:20493-1","SUSE-SU-2025:20498-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38078.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73"},{"type":"WEB","url":"https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38078.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38078"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2"},{"fixed":"c0e05a76fc727929524ef24a19c302e6dd40233f"},{"fixed":"8170d8ec4efd0be352c14cb61f374e30fb0c2a25"},{"fixed":"10217da9644ae75cea7330f902c35fc5ba78bbbf"},{"fixed":"f3e14d706ec18faf19f5a6e75060e140fea05d4a"},{"fixed":"74d90875f3d43f3eff0e9861c4701418795d3455"},{"fixed":"bf85e49aaf3a3c5775ea87369ea5f159c2148db4"},{"fixed":"afa56c960fcb4db37f2e3399f28e9402e4e1f470"},{"fixed":"93a81ca0657758b607c3f4ba889ae806be9beb73"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38078.json"}}],"schema_version":"1.7.5"}