Null Pointer Dereference in Linux Kernel Audio Subsystem
CVE-2025-38706

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
4 September 2025

What is CVE-2025-38706?

A vulnerability in the Linux kernel's audio subsystem can lead to a null pointer dereference when the snd_soc_remove_pcm_runtime() function is invoked with a NULL rtd parameter. This scenario may occur if a link is marked as ignored due to a missing hardware component, preventing the creation of a runtime. Consequently, during the removal of the module, the soc_tplg_remove_link() function attempts to call snd_soc_remove_pcm_runtime(), resulting in the potential for unexpected system behavior.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 8b465bedc2b417fd27c1d1ab7122882b4b60b1a0

Linux 50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 82ba7b8cf9f6e3bf392a9f08ba3d1c0b200ccb94

Linux 50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 7f8fc03712194fd4e2df28af7f7f7a38205934ef

References

https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7...
https://git.kernel.org/stable/c/82ba7b8cf9f6e3bf392a9f08b...
https://git.kernel.org/stable/c/7f8fc03712194fd4e2df28af7...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.