CVE-2025-39938

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ASoC Qualcomm q6apm-lpass-dais component. Specifically, a NULL pointer dereference can occur if the initialization of the source graph fails. This happens when the graph is closed and dai data->graph[dai->id] is assigned NULL, but the preparation for the sink graph continues, leading to a NULL pointer exception during the q6apm lpass dai prepare() function call. This can result in errors during APM port startup and potentially system instability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-68135

BDU:2026-02681

CVE-2025-39938

DLA-4379-1

DSA-6053-1

ECHO-35AE-7297-8E95

MGASA-2025-0309

MGASA-2025-0310

OESA-2025-2765

OESA-2025-2766

OESA-2025-2767

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4301-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Qualcomm Q6Apm-Lpass-Dais

Suse

Ubuntu

CVE-2025-39938

Weakness Enumeration

Related Identifiers

Affected Products

References · 3521