{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: ALSA: ump buffer overflow via malformed UMP SysEx message",
    "id" : "2367202",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2367202"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nALSA: ump: Fix buffer overflow at UMP SysEx message conversion\nThe conversion function from MIDI 1.0 to UMP packet contains an\ninternal buffer to keep the incoming MIDI bytes, and its size is 4, as\nit was supposed to be the max size for a MIDI1 UMP packet data.\nHowever, the implementation overlooked that SysEx is handled in a\ndifferent format, and it can be up to 6 bytes, as found in\ndo_convert_to_ump().  It leads eventually to a buffer overflow, and\nmay corrupt the memory when a longer SysEx message is received.\nThe fix is simply to extend the buffer size to 6 to fit with the SysEx\nUMP message.", "A flaw was found in the Linux kernel's Advanced Linux Sound Architecture (ALSA) Universal MIDI Packet (UMP) driver. This vulnerability allows a buffer overflow and potential memory corruption via a malformed Universal MIDI Packet (UMP) System Exclusive (SysEx) message during MIDI 1.0 to UMP conversion." ],
  "statement" : "MODERATE: A buffer overflow in the Linux kernel's ALSA Universal MIDI Packet (UMP) driver can corrupt kernel memory. The internal buffer used during MIDI 1.0 to UMP conversion was sized for the 4 data bytes of a MIDI1 UMP packet, but a System Exclusive (SysEx) message is handled in a different UMP format carrying up to 6 bytes, so a longer SysEx message writes past the end of that buffer. A local attacker with normal user privileges may trigger this memory corruption, which may lead to a denial of service (DoS).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:1236",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.55.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0917",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.107.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-19T00:00:00Z",
    "advisory" : "RHSA-2026:0804",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.79.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-37891\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-37891\nhttps://lore.kernel.org/linux-cve-announce/2025051909-CVE-2025-37891-5344@gregkh/T" ],
  "name" : "CVE-2025-37891",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}
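The record above describes a buffer-size miscalculation (CWE-131): the converter's scratch buffer holds 4 bytes because that is the data size of a MIDI1 UMP packet, but SysEx is carried in a different UMP format with up to 6 data bytes per packet, so the 4-byte assumption only holds for non-SysEx traffic. The C program below is an added illustration of that mismatch and of the bounds check a hardened converter needs; it is not code from the kernel, from the upstream fix, or from Red Hat. The struct, function names and sample SysEx bytes are hypothetical, and the storage is deliberately sized so the program records where the unchecked original would have written past its 4-byte buffer rather than actually corrupting memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size the original conversion code assumed: the data bytes of one
 * MIDI 1.0 Channel Voice UMP packet. */
#define MIDI1_UMP_MAX   4
/* Data bytes one UMP SysEx7 packet can carry; the fix sized the buffer
 * to this value instead. */
#define SYSEX_UMP_MAX   6

/* Hypothetical model of the converter's accumulation state (not the
 * kernel's struct). Storage is always 6 bytes here so the demonstration
 * never performs an out-of-bounds write; `cap` is the size the logic
 * believes it has, and `overflow` records a write that would have landed
 * past that believed size in the real, unchecked code. */
struct cvt_state {
    unsigned char buf[SYSEX_UMP_MAX];
    size_t cap;
    size_t len;
    int overflow;
};

static void cvt_init(struct cvt_state *s, size_t cap)
{
    memset(s, 0, sizeof(*s));
    s->cap = cap > SYSEX_UMP_MAX ? SYSEX_UMP_MAX : cap;
}

/* Hardened push: bounds-checked against the believed capacity. Returns
 * 1 when the byte was stored, 0 when it would have overflowed. */
static int cvt_push(struct cvt_state *s, unsigned char b)
{
    if (s->len >= s->cap) {
        s->overflow = 1;   /* the unchecked original writes buf[len] here */
        return 0;
    }
    s->buf[s->len++] = b;
    return 1;
}

/* Split a SysEx body (F0/F7 framing bytes already stripped) into the
 * 6-byte groups a SysEx7 UMP packet carries, feed each group through a
 * converter state sized `cap`, and count the groups that would have
 * overflowed. cap == MIDI1_UMP_MAX models the vulnerable code,
 * cap == SYSEX_UMP_MAX the fixed code. */
static size_t sysex7_groups_overflowing(const unsigned char *body, size_t n, size_t cap)
{
    size_t overflowed = 0;
    for (size_t off = 0; off < n; ) {
        size_t group = n - off < SYSEX_UMP_MAX ? n - off : SYSEX_UMP_MAX;
        struct cvt_state s;
        cvt_init(&s, cap);
        for (size_t i = 0; i < group; i++)
            cvt_push(&s, body[off + i]);
        if (s.overflow)
            overflowed++;
        off += group;
    }
    return overflowed;
}

/* Constructed sample inputs (not captured from a real device). */
#define SHORT_SYSEX_LEN 4
static const unsigned char SHORT_SYSEX_BODY[SHORT_SYSEX_LEN] = { 0x7e, 0x7f, 0x09, 0x01 };
#define LONG_SYSEX_LEN 12
static const unsigned char LONG_SYSEX_BODY[LONG_SYSEX_LEN] = {
    0x7e, 0x7f, 0x06, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
};

int main(void)
{
    printf("4-byte SysEx, 4-byte buffer:  %zu overflowing groups\n",
           sysex7_groups_overflowing(SHORT_SYSEX_BODY, SHORT_SYSEX_LEN, MIDI1_UMP_MAX));
    printf("12-byte SysEx, 4-byte buffer: %zu overflowing groups\n",
           sysex7_groups_overflowing(LONG_SYSEX_BODY, LONG_SYSEX_LEN, MIDI1_UMP_MAX));
    printf("12-byte SysEx, 6-byte buffer: %zu overflowing groups\n",
           sysex7_groups_overflowing(LONG_SYSEX_BODY, LONG_SYSEX_LEN, SYSEX_UMP_MAX));
    return 0;
}
```

The short message fits the 4-byte assumption and never overflows, which is why the bug survived ordinary MIDI1 traffic; every 6-byte SysEx7 group overflows the 4-byte state and none overflows the 6-byte state. Sizing the buffer for the largest packet format that shares it is the fix the advisory describes; keeping an explicit length check in the push path, as above, is the defence that turns any future size mismatch into a dropped byte instead of a kernel memory write.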