cve 2025 68347

About this tag
CVE-2025-68347 is a Linux kernel vulnerability in the ALSA FireWire MOTU driver that could allow writing more bytes to userspace than requested during DSP event handling. The issue was fixed upstream by clamping the copy length with min_t to ensure the driver never copies more than the user-supplied buffer requests. This tag covers discussions about the vulnerability, its impact on Linux systems using FireWire audio interfaces, and the upstream patch that remedied the memory-handling bug.
  1. Linux Kernel CVE-2025-68347: ALSA FireWire Motu Driver Copy Clamp Fix

    The Linux kernel received a focused fix for a small but consequential memory‑handling bug in the ALSA firewire-motu driver that could let the driver write more bytes to userspace than requested during DSP event handling — tracked as CVE-2025-68347 and remedied upstream by clamping copy length...