Memory Management Vulnerability in Linux Kernel Affecting ALSA Timers
CVE-2025-39765

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39765?

A vulnerability in the Linux kernel's ALSA timer functionality allows for improper handling of ID allocations. Specifically, the snd_utimer_create() function can lead to a scenario where the ida_free() function is erroneously invoked to free an unallocated ID. This could potentially lead to resource management issues and impact system stability. To mitigate this issue, the ID should be set correctly before calling kasprintf(), ensuring that snd_utimer_put_id() only frees allocated IDs.

Affected Version(s)

Linux 37745918e0e7575bc40f38da93a99b9fa6406224 < 34327b362ce2849a5eb02f47e800049e7a20a0ba

Linux 37745918e0e7575bc40f38da93a99b9fa6406224

Linux 37745918e0e7575bc40f38da93a99b9fa6406224 < 5003a65790ed66be882d1987cc2ca86af0de3db1

References

https://git.kernel.org/stable/c/34327b362ce2849a5eb02f47e...

https://git.kernel.org/stable/c/af386b52531d14c4b20f11c45...

https://git.kernel.org/stable/c/5003a65790ed66be882d1987c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025