PT-2025-35979 · Linux+5 · Linux Kernel+5

Published

2025-06-19

·

Updated

2026-05-26

·

CVE-2025-38706

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The snd soc remove pcm runtime() function may be called with rtd equal to NULL, leading to a null pointer dereference. This issue was reproduced during topology loading and when a link was marked as ignored due to a missing hardware component. During module removal, soc tplg remove link() calls snd soc remove pcm runtime() with rtd equal to NULL because no runtime was created for the ignored link.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

AZL-66896
AZL-75161
BDU:2025-15753
CVE-2025-38706
DLA-4327-1
DLA-4328-1
DSA-6009-1
ECHO-A405-BE30-AED4
MGASA-2025-0234
MGASA-2025-0235
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu