Null Pointer Dereference in Linux Kernel Audioreach Module by Qualcomm
CVE-2025-40013

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-40013?

A vulnerability in the Linux kernel's audioreach module can lead to potential null pointer dereference during the topology parsing process. The function audioreach_widget_load_module_common() may return a NULL or error pointer without proper checks, resulting in instability or crashes within the affected systems. This issue has been resolved by implementing necessary NULL checks to prevent dereferencing uninitialized pointers.

Affected Version(s)

Linux 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 < 9c1ad4192f3d2fc85339718a6252cb3337848f7b

Linux 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 < 70e1e5fe9f7e05ff831b56ebc02543e7811b8e18

Linux 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 < 4dda55d04caac3b4102c26e29b1c27fa35636be3

References

https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6...

https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc...

https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Apr 16, 2025

JSON