4 matches found
K000160741: Linux kernel vulnerability CVE-2025-37891
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion. The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as ...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37891)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37891 advisory. - In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP...
CVE-2025-37891
The provided documents confirm CVE-2025-37891 affects the Linux kernel’s ALSA: ump path, where SysEx messages could overflow an internal 4-byte buffer during MIDI 1.0 to UMP conversion. The root cause is that SysEx can be up to 6 bytes, exceeding the original 4-byte buffer, risking memory corrupt...
CVE-2025-37891 ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max...