Null Pointer Dereference in Linux Kernel Audio Subsystem
CVE-2025-38706

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 September 2025

What is CVE-2025-38706?

A vulnerability in the Linux kernel's audio subsystem can lead to a null pointer dereference when the snd_soc_remove_pcm_runtime() function is invoked with a NULL rtd parameter. This scenario may occur if a link is marked as ignored due to a missing hardware component, preventing the creation of a runtime. Consequently, during the removal of the module, the soc_tplg_remove_link() function attempts to call snd_soc_remove_pcm_runtime(), resulting in the potential for unexpected system behavior.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8b465bedc2b417fd27c1d1ab7122882b4b60b1a0

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 82ba7b8cf9f6e3bf392a9f08ba3d1c0b200ccb94

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7f8fc03712194fd4e2df28af7f7f7a38205934ef

References

https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7...
https://git.kernel.org/stable/c/82ba7b8cf9f6e3bf392a9f08b...
https://git.kernel.org/stable/c/7f8fc03712194fd4e2df28af7...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-38706 : Null Pointer Dereference in Linux Kernel Audio Subsystem