CVE-2025-40269
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix potential overflow of PCM transfer buffer

The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet sizes are limited by some factors such as wMaxPacketSize USB descriptor. OTOH, in the current code, the actually used packet sizes are determined only by the rate and the PPS, which may be bigger than the size limit above. This results in a buffer overflow, as reported by syzbot.

Basically when the limit is smaller than the calculated packet size, it implies that something is wrong, most likely a weird USB descriptor. So the best option would be just to return an error at the parameter setup time before doing any further operations.

This patch introduces such a sanity check, and returns -EINVAL when the packet size is greater than maxpacksize. The comparison with ep->packsize[1] alone should suffice since it's always equal to or greater than ep->packsize[0].
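As an added illustration (not code from the kernel or from the patch above), the following C model reproduces the parameter-setup arithmetic the description refers to: it derives the minimum and maximum data bytes per packet from the sample rate, packets per second and bytes per frame in 16.16 fixed point, then applies the sanity check that rejects a configuration whose largest packet would exceed the wMaxPacketSize-derived limit. The struct, the function name and the rounding details are assumptions made for this example, not the kernel's own definitions.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical per-endpoint bookkeeping (not the kernel's struct snd_usb_endpoint). */
struct ep_params {
    unsigned int freqn;        /* frames per packet, 16.16 fixed point */
    unsigned int packsize[2];  /* [0] = smaller, [1] = larger data bytes per packet */
    unsigned int maxpacksize;  /* limit taken from the wMaxPacketSize descriptor */
};

/* Derive packet sizes from rate (Hz), packets per second and bytes per frame,
 * then apply the check described in the advisory. packsize[1] is always
 * >= packsize[0], so comparing only packsize[1] against the limit suffices.
 * Returns 0 when the configuration is sane, -EINVAL when a packet could
 * exceed maxpacksize (or the inputs are degenerate). */
int setup_packet_sizes(struct ep_params *ep, unsigned int rate,
                       unsigned int pps, unsigned int frame_bytes,
                       unsigned int maxpacksize)
{
    if (pps == 0 || frame_bytes == 0)
        return -EINVAL;

    /* frames per packet in 16.16 fixed point, rounded to nearest */
    ep->freqn = (unsigned int)((((unsigned long long)rate << 16) + pps / 2) / pps);
    ep->packsize[0] = (ep->freqn >> 16) * frame_bytes;              /* floor */
    ep->packsize[1] = ((ep->freqn + 0xffff) >> 16) * frame_bytes;   /* ceil  */
    ep->maxpacksize = maxpacksize;

    /* URB buffers are sized from the descriptor limit; a larger computed
     * packet would write past them, so reject the setup before any transfer. */
    if (ep->maxpacksize && ep->packsize[1] > ep->maxpacksize)
        return -EINVAL;
    return 0;
}

int main(void)
{
    struct ep_params ep;
    /* constructed cases: 44.1 kHz stereo 16-bit at 1000 packets/s gives
     * 176..180 bytes per packet; a descriptor limit of 176 must be rejected */
    int ok  = setup_packet_sizes(&ep, 44100, 1000, 4, 180);
    int bad = setup_packet_sizes(&ep, 44100, 1000, 4, 176);
    printf("packsize %u..%u: limit 180 -> %d, limit 176 -> %d\n",
           ep.packsize[0], ep.packsize[1], ok, bad);
    return 0;
}
```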
Affected versions
Linux kernel versions 4.4.229, 4.9.229, 4.14.186, 4.19.130, 5.4.49, 5.7.6, 5.8 and later are affected.
Fixed in 4.4.230, 4.9.230, 4.14.188, 4.19.132, 5.4.51, 5.7.8, 5.10.247, 5.15.197, 6.1.159, 6.6.117, 6.12.59, 6.17.9, 6.18 and their respective stable series.
References
The following references provide additional information about CVE-2025-40269 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf
- Patch (kernel patch commit): https://git.kernel.org/stable/c/217d47255a2ec8b246f2725f5db9ac3f1d4109d7
- Patch (kernel patch commit): https://git.kernel.org/stable/c/282aba56713bbc58155716b55ca7222b2d9cf3c8
Frequently asked questions
- What is CVE-2025-40269?
CVE-2025-40269 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 4.4.229 onward and has been patched in 4.4.230, 4.9.230, 4.14.188 and others. CVE-2025-40269 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-40269?
Yes — CVE-2025-40269 has been patched. Fixed versions include 4.4.230, 4.9.230, 4.14.188 and others. If you are running Linux kernel 4.4.229 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2025-40269 actively exploited?
No — CVE-2025-40269 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.