PT-2025-40066 · Linux+1 · Linux Kernel+1
Published
2025-10-01
·
Updated
2025-10-01
·
CVE-2025-39892
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel contains a flaw within the ASoC (Advanced Linux Sound Architecture) core, specifically in the
snd soc lookup component nolocked() function. This issue arises when the driver name is NULL, leading to a potential NULL pointer access error. The problem occurs in soc-generic-dmaengine-pcm.c where the same device is used for both CPU and Platform components. If the CPU component driver lacks a name (driver->name), accessing the driver name within snd soc lookup component nolocked() results in the error. The function strcmp is involved in the error trace.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel