Linux Kernel Vulnerability in ALSA USB Scarlett2 by Linux Foundation
CVE-2025-38629

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
22 August 2025

What is CVE-2025-38629?

The ALSA subsystem of the Linux kernel has a vulnerability in the USB Scarlett2 driver that allows for potential NULL dereference errors. This issue arises in the function scarlett2_input_select_ctl_info(), where proper checks for NULL values are absent after allocating string arrays through kasprintf(). This oversight can lead to system instability or crashes if the function attempts to access a NULL pointer. Fixing this issue involves adding necessary NULL checks to ensure robust handling of memory allocations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53

Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 < 2c735fcaee81ad8056960659dc9dc460891e76b0

Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53

References

https://git.kernel.org/stable/c/d558db85920b124bac36f8a7d...
https://git.kernel.org/stable/c/2c735fcaee81ad8056960659d...
https://git.kernel.org/stable/c/df485a4b2b3ee5b35c80f990b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.