NULL Pointer Vulnerability in Linux Kernel Affecting Audio Components
CVE-2025-39892

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-39892?

A vulnerability exists in the Audio Subsystem of the Linux kernel due to a NULL pointer dereference when handling driver names. The issue occurs in the soc-generic-dmaengine-pcm.c file when the CPU and platform share the same device, leading to a potential crash during the driver probe process. If the CPU component driver lacks a proper driver name, it may trigger a NULL pointer access, causing system instability. This flaw can impact multiple kernel versions and underscores the necessity for regular updates to mitigate potential security risks.

Affected Version(s)

Linux 144d6dfc7482455eabf8e8caa974a6e8d9572705 < 1d282dcd46d972be338085ae9e217462b366ce6e

Linux 144d6dfc7482455eabf8e8caa974a6e8d9572705 < 168873ca1799d3f23442b9e79eae55f907b9b126

Linux 6.16

References

https://git.kernel.org/stable/c/1d282dcd46d972be338085ae9...

https://git.kernel.org/stable/c/168873ca1799d3f23442b9e79...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Apr 16, 2025

JSON