CVE-2025-38662

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw was discovered in the Linux kernel related to the ASoC (Audio Subsystem over Component) framework, specifically within the mediatek mt8365-dai-i2s driver. The mt8365 dai set priv function incorrectly handles the size of data copied, leading to a potential out-of-bounds write condition detected by KASAN (Kernel Address Sanitizer). This occurs because the function allocates space based on the size of struct mt8365 afe private instead of struct mtk afe i2s priv when copying data into the priv data buffer.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.