From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A426719C553 for ; Mon, 6 Oct 2025 08:14:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759738466; cv=none; b=Gnaql1m9cAENas35i8oEd8lKT6dJ9ir53mVhNKPGImjslv1oped9zmIzu3K660Tjb+XFSApDehV4biGElS/qRMdZ7JgjqPXok98DvdKBpVbzQrFLymK3p3XRACRreewkqE/aFp5w10f+dnRvwVD3IFicFk1gpXIHWZZWWk6F5XU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759738466; c=relaxed/simple; bh=lpdo8shL6qCULRJijFlMV4LAGeuJwJtU6Oa+8jn22uo=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=IYnAgE4x/ypwBSWLxcn4IgoHhzau7OPDK5zAtt6Ft/q/ipOlBqnEWRxCex62qbXPDaa1zvTuAk+iwHo2UQGBcD1TRw5YwCeD772UIqLMxlONeQgY2AxigBFUhhOO/hM6M0xmtXhoOTSBD+TbxNkJVDaX234qglu82fOw5kzoxTA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=R3lmH1U+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="R3lmH1U+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id BCC42C4CEF5; Mon, 6 Oct 2025 08:14:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1759738466; bh=lpdo8shL6qCULRJijFlMV4LAGeuJwJtU6Oa+8jn22uo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=R3lmH1U+Dg2ouNbNEgM7YyuuQGRj1sMuc8Qnaqt4Zov3Z5TZabmXYeg5f3R367sE1 BMhHwh6Mu2ik53xRRbA1cQtaD7grzZs/qVIHE7iQ3SNqFTEGhxJbDWHzOmHqGztUwy zEnA9cOyLZFWfcAnki15E0DFCTLnSHvrM0sWUglM= Date: Mon, 6 Oct 2025 10:14:23 +0200 From: "gregkh@linuxfoundation.org" To: Siddh Raman Pant Cc: "cve@kernel.org" , "linux-kernel@vger.kernel.org" Subject: Re: CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Message-ID: <2025100646-strategy-spindle-ae8a@gregkh> References: <2025091142-CVE-2025-39751-c340@gregkh> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Oct 06, 2025 at 07:07:00AM +0000, Siddh Raman Pant wrote: > On Thu, 11 Sep 2025 18:52:52 +0200, Greg Kroah-Hartman wrote: > > ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control > > > > The 'sprintf' call in 'add_tuning_control' may exceed the 44-byte > > buffer if either string argument is too long. This triggers a compiler > > warning. > > Replaced 'sprintf' with 'snprintf' to limit string lengths to prevent > > overflow. > > > > The Linux kernel CVE team has assigned CVE-2025-39751 to this issue. > > While the change is good for defensive reasons, there isn't actually > any buffer overflow as it is to "fix". > > The largest string possible is "Wedge Angle Playback Volume", whose > length is less than 44. Thanks for the info. What was the compiler warning about then if it could detect just how big the string would always be as these are static values? Should this CVE be rejected? thanks, greg k-h