Null Pointer Dereference Flaw in Linux Kernel Affects SOF Audio
CVE-2025-21847

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 March 2025

Summary

In the Linux kernel's SOF (Sound Open Firmware) component, a vulnerability arises from the improper handling of null pointers in IPC message data. The issue occurs when the null status of the 'cstream' structure is inadequately verified, leading to potential null pointer dereference if assumed non-null when its corresponding 'stream' is null. This flaw can lead to unpredictable behavior, impacting system security and stability. Developers are advised to update to patched versions that include a thorough check for 'cstream' nullity, as implemented in the recent updates.

Affected Version(s)

Linux 090349a9feba3ceee3997d31d68ffe54e5b57acb < 2b3878baf90918a361a3dfd3513025100b1b40b6

Linux 090349a9feba3ceee3997d31d68ffe54e5b57acb < 62ab1ae5511c59b5f0bf550136ff321331adca9f

Linux 090349a9feba3ceee3997d31d68ffe54e5b57acb < 6c18f5eb2043ebf4674c08a9690218dc818a11ab

References

https://git.kernel.org/stable/c/2b3878baf90918a361a3dfd35...

https://git.kernel.org/stable/c/62ab1ae5511c59b5f0bf55013...

https://git.kernel.org/stable/c/6c18f5eb2043ebf4674c08a96...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Dec 29, 2024