CVE-2025-38299

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.14.0-rc4-next-20250226+ and earlier

Description: A flaw exists in the Linux kernel related to the ASoC (Audio Subsystem on Chip) component, specifically within the MediaTek mt8195 driver. The issue arises when ETDM1/2 IN/OUT are set to COMP DUMMY(), and ETDM2 IN BE and ETDM1 OUT BE are defined as COMP EMPTY(). In such cases, the codec dai name can become null, potentially leading to a kernel crash if the device tree does not assign a codec to these links. This can result in a NULL pointer dereference.

Recommendations: Linux kernel versions prior to 6.14.0-rc4-next-20250226+ are affected. Update the Linux kernel to a version that addresses this issue.

Exploit

Fix

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-476

Related Identifiers

BDU:2025-08508

CVE-2025-38299

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_02853-1

SUSE-SU-2025_02997-1

SUSE-SU-2025_03011-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Mediatek Mt8195

Red Os

Suse

Ubuntu

CVE-2025-38299

Weakness Enumeration

Related Identifiers

Affected Products

References · 2729