Buffer Overflow Vulnerability in Linux Kernel Affects Audio Driver by Qualcomm

CVE-2025-37979

What is CVE-2025-37979?

A vulnerability has been identified in the Linux kernel related to the Qualcomm audio driver, which could lead to potential out-of-bounds access within the sc7280 driver data arrays. This issue arises from the introduction of specific case values in the driver code that have not adequately considered the maximum port ID for q6dsp. The oversight was discovered and reported by the Linux Verification Center, emphasizing the need for careful validation of driver implementations. The resolution involves redefining LPASS_MAX_PORTS to ensure safe access to these data structures, thereby mitigating possible exploitation.

References