Linux Kernel Vulnerability in ALSA USB Scarlett2 by Linux Foundation
CVE-2025-38629
Currently unrated
What is CVE-2025-38629?
The ALSA subsystem of the Linux kernel has a vulnerability in the USB Scarlett2 driver that allows for potential NULL dereference errors. This issue arises in the function scarlett2_input_select_ctl_info(), where proper checks for NULL values are absent after allocating string arrays through kasprintf(). This oversight can lead to system instability or crashes if the function attempts to access a NULL pointer. Fixing this issue involves adding necessary NULL checks to ensure robust handling of memory allocations.
Affected Version(s)
Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53
Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53 < 2c735fcaee81ad8056960659dc9dc460891e76b0
Linux 8eba063b5b2b498ddd01ea6f29fc9b12368c3d53