CVE-2025-38307

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel related to the ASoC (Advanced Linux Sound Architecture) Intel audio subsystem. Specifically, the parse int array() function does not adequately validate the length of the array it returns. If the returned array's length is 0, accessing elements beyond the first element (index 0) can lead to a null pointer dereference.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-64886

BDU:2025-09050

CVE-2025-38307

MGASA-2025-0218

MGASA-2025-0219

OESA-2026-2417

OESA-2026-2418

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:02996-1

SUSE-SU-2025:02997-1

SUSE-SU-2025:03011-1

SUSE-SU-2025:03023-1

SUSE-SU-2025:20577-1

SUSE-SU-2025:20586-1

SUSE-SU-2025:20601-1

SUSE-SU-2025:20602-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025_02853-1

SUSE-SU-2025_02969-1

SUSE-SU-2025_02996-1

SUSE-SU-2025_02997-1

SUSE-SU-2025_03011-1

SUSE-SU-2025_03023-1

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Intel Audio Subsystem

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-38307

Weakness Enumeration

Related Identifiers

Affected Products

References · 3334