PT-2025-49791 · Linux+4 · Linux Kernel+4

Published

2025-01-01

Updated

2026-05-26

CVE-2025-40338

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:H/Au:M/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's ASoC (Advanced Linux Sound Architecture) Intel AVS (Audio Video System) component. Sharing the name pointer directly between components can lead to use-after-free errors when components are shut down. The issue is addressed by duplicating the name to prevent this. The framework does not override the component's name if it is set before the initializer is invoked.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-416

Related Identifiers

BDU:2026-01365

CVE-2025-40338

ECHO-8BA3-E338-1667

OPENSUSE-SU-2026:20145-1

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

Affected Products

Debian

Intel Avs

Linuxmint

Linux Kernel

Ubuntu

PT-2025-49791 · Linux+4 · Linux Kernel+4

CVE-2025-40338

Weakness Enumeration

Related Identifiers

Affected Products

References · 1921