PT-2025-46637 · Linux+4 · Linux Kernel+4

Published

2025-10-15

Updated

2026-02-24

CVE-2025-40162

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ASoC amd/sdw utils component where a NULL pointer dereference may occur if devm kasprintf() fails during memory allocation. Specifically, a debug message attempts to print cpus->dai name before verifying that the pointer is not NULL. Moving the debug message call after the NULL check prevents this potential dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-14957

CVE-2025-40162

OPENSUSE-SU-2025:20172-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Asoc

Linuxmint

Linux Kernel

Ubuntu

Amd/Sdw Utils

PT-2025-46637 · Linux+4 · Linux Kernel+4

CVE-2025-40162

Weakness Enumeration

Related Identifiers

Affected Products

References · 625