NULL Pointer Dereference in Linux Kernel ASoC qcom Component
CVE-2025-39938

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39938?

In the Linux kernel's ASoC qcom component, a vulnerability exists that could lead to a NULL pointer dereference when the source graph fails to open correctly. If the audio processing subsystem rejects an incorrect audioreach topology, the ensuing operations continue despite the graph being set to NULL. This flaw can trigger a series of errors in the kernel, ultimately resulting in a system crash or unpredictable behavior during audio playback.

Affected Version(s)

Linux 30ad723b93ade607a678698e5947a55a4375c3a1 < 01d1ba106c9e02a2e7d41e07be49031a0ff0ecaa

Linux 30ad723b93ade607a678698e5947a55a4375c3a1 < 411f7d4f7038200cdf6d4f71ee31026ebf2dfedb

Linux 30ad723b93ade607a678698e5947a55a4375c3a1 < 9c534dbfd1726502abcf0bd393a04214f62c050b

References

https://git.kernel.org/stable/c/01d1ba106c9e02a2e7d41e07b...

https://git.kernel.org/stable/c/411f7d4f7038200cdf6d4f71e...

https://git.kernel.org/stable/c/9c534dbfd1726502abcf0bd39...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON