CVE-2025-37805

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability has been resolved in the Linux kernel related to the sound/virtio module. The issue arises when the virtsnd probe() function triggers an error path, leading to a call to virtsnd remove(), which iterates over substreams and calls cancel work sync() on an uninitialized elapsed period work struct. This results in a warning being generated. The problem occurs when an error is encountered during the allocation of information or if virtsnd ctl query info() fails, causing the function to exit without initializing the elapsed period work struct. The proposed fix involves initializing the substreams structure immediately after allocation to prevent the cleanup of uninitialized data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.