Linux Kernel ALSA Component Pointer Issue
CVE-2025-40097

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
30 October 2025

What is CVE-2025-40097?

A pointer dereference vulnerability was identified in the Linux kernel's ALSA subsystem. Specifically, within the hda_component_manager_init function, a pointer may be assigned an error value using ERR_PTR(-ENOMEM), which could lead to unintended behavior when subsequently dereferenced. This issue arises from the __component_match_add function, where a lack of appropriate pointer validation can result in a crash. To enhance system stability and prevent exploitation, an IS_ERR() check has been introduced in order to validate the pointer before dereference, ensuring robust handling of error conditions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b < 218a8504e62fc2c8a1fd12523346b7a2b9bd2474

Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b < 47d1b9ca923b55c3f407788f1f15b04957e0e027

Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b < 1cf11d80db5df805b538c942269e05a65bcaf5bc

References

https://git.kernel.org/stable/c/218a8504e62fc2c8a1fd12523...
https://git.kernel.org/stable/c/47d1b9ca923b55c3f407788f1...
https://git.kernel.org/stable/c/1cf11d80db5df805b538c9422...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.