Memory Corruption in Linux Kernel Affecting ALSA Audio Interfaces
CVE-2025-39696

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-39696?

A vulnerability in the ALSA (Advanced Linux Sound Architecture) subsystem of the Linux kernel allows for potential memory corruption due to an incorrect reference to the tasdevice_priv pointer. During efforts to unify calibration data management, the memory reference was mistakenly assigned to h->hda_priv instead of h->priv. This misconfiguration may result in system instability, including crashes, as the compiler is unable to detect the void pointer's context and validity. It is crucial for users to ensure they are running patched versions of the Linux kernel to mitigate these risks.

Affected Version(s)

Linux 4fe238513407d83f38bf5782e8bcdd7b8baeb85d < 2812815aa79637d39d4398ecd7e58f65d1c79231

Linux 4fe238513407d83f38bf5782e8bcdd7b8baeb85d < 3f4422e7c9436abf81a00270be7e4d6d3760ec0e

Linux 6.16

References

https://git.kernel.org/stable/c/2812815aa79637d39d4398ecd...

https://git.kernel.org/stable/c/3f4422e7c9436abf81a00270b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
Apr 16, 2025