Linux Kernel ALSA Component Pointer Issue
CVE-2025-40097

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-40097?

A pointer dereference vulnerability was identified in the Linux kernel's ALSA subsystem. Specifically, within the hda_component_manager_init function, a pointer may be assigned an error value using ERR_PTR(-ENOMEM), which could lead to unintended behavior when subsequently dereferenced. This issue arises from the __component_match_add function, where a lack of appropriate pointer validation can result in a crash. To enhance system stability and prevent exploitation, an IS_ERR() check has been introduced in order to validate the pointer before dereference, ensuring robust handling of error conditions.

Affected Version(s)

Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b < 47d1b9ca923b55c3f407788f1f15b04957e0e027

Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b < 1cf11d80db5df805b538c942269e05a65bcaf5bc

Linux 5.17

References

https://git.kernel.org/stable/c/47d1b9ca923b55c3f407788f1...

https://git.kernel.org/stable/c/1cf11d80db5df805b538c9422...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Apr 16, 2025

JSON