Use-After-Free Vulnerability in Intel HDA Component of Linux Kernel
CVE-2025-38056

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-38056?

A use-after-free vulnerability exists in the Intel HDA component of the Linux kernel. When the module is unloaded, a global variable is left pointing to freed memory. This issue arises during the module's reload process. The erroneous memory access can lead to unpredictable behavior, potentially exposing the system to various exploits. The flaw is addressed by ensuring that the match array is duplicated before any modifications occur, mitigating the risk of accessing invalid memory.

Affected Version(s)

Linux 5458411d75947a4212e50a401ec0a98d4c6c931b < 2b49e68360eb6a1c03dc1642a51f7d9f6784c034

Linux 5458411d75947a4212e50a401ec0a98d4c6c931b

Linux 5458411d75947a4212e50a401ec0a98d4c6c931b < 7dd7f39fce0022b386ef1ea5ffef92ecc7dfc6af

References

https://git.kernel.org/stable/c/2b49e68360eb6a1c03dc1642a...

https://git.kernel.org/stable/c/f9670b2e81e8a3cbf2e1e7571...

https://git.kernel.org/stable/c/7dd7f39fce0022b386ef1ea5f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 16, 2025