Acknowledged
Created: Jun 19, 2025
Updated: Jun 20, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ALSA: pcm: Fix race of buffer access at PCM OSS layer[EOL][EOL]The PCM OSS layer tries to clear the buffer with the silence data at[EOL]initialization (or reconfiguration) of a stream with the explicit call[EOL]of snd_pcm_format_set_silence() with runtime->dma_area. But this may[EOL]lead to a UAF because the accessed runtime->dma_area might be freed[EOL]concurrently, as it's performed outside the PCM ops.[EOL][EOL]For avoiding it, move the code into the PCM core and perform it inside[EOL]the buffer access lock, so that it won't be changed during the[EOL]operation.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38078 (https://nvd.nist.gov/vuln/detail/CVE-2025-38078)
