Linux Kernel Vulnerability in ALSA SoC Simple Card Utilities by Vendor
CVE-2025-39930

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 April 2025

Summary

A vulnerability has been detected in the ALSA SoC Simple Card Utilities within the Linux kernel. The issue arises from improper handling of device nodes during the parsing process in graph_util_parse_dai(). The original implementation erroneously utilized __free(device_node), which could lead to unintended memory management issues while the driver is actively in use. This oversight can affect the stability and reliability of the audio subsystem, necessitating immediate attention to ensure proper device node management and memory allocation procedures are followed.

Affected Version(s)

Linux 419d1918105e5d9926ab02f1f834bb416dc76f65 < 232a32e8a7e9be8a2ee238df9b5304eed2f4e195

Linux 419d1918105e5d9926ab02f1f834bb416dc76f65

Linux 6.14

References

https://git.kernel.org/stable/c/232a32e8a7e9be8a2ee238df9...

https://git.kernel.org/stable/c/de74ec718e0788e1998eb7289...

Timeline

Vulnerability published
Apr 18, 2025
Vulnerability Reserved
Apr 16, 2025