NULL Pointer Dereference in Linux Kernel ALSA HDA Driver
CVE-2025-40098

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 30 October 2025

What is CVE-2025-40098?

A vulnerability in the ALSA HDA driver of the Linux kernel can lead to a NULL pointer dereference because the return value of acpi_evaluate_dsm() is dereferenced without first being checked for NULL. acpi_evaluate_dsm() returns NULL when the underlying acpi_evaluate_object() call returns a status other than ACPI_SUCCESS, so a failed ACPI evaluation can crash the system. The issue has been addressed by adding the necessary NULL check before the result is used. This vulnerability was identified by the Linux Verification Center, emphasizing the importance of comprehensive testing and validation for driver stability.
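
The unchecked and checked patterns described above, as an added example that is neither the driver's code nor the upstream patch: a user-space C model in which acpi_evaluate_dsm() is a stub that returns NULL on failure. The struct, the helper names, the sample value and the -ENODEV return code are assumptions made for illustration.

```c
/* User-space model; every name except acpi_evaluate_dsm is hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for the kernel's union acpi_object. */
struct acpi_obj { unsigned long long integer_value; };

/* Constructed firmware behaviour: 0 = evaluation succeeds, 1 = it fails. */
static int firmware_fails;

/* Stub with the contract that matters here: NULL whenever the
 * underlying evaluation does not succeed. */
static struct acpi_obj *acpi_evaluate_dsm(void)
{
    struct acpi_obj *ret = firmware_fails ? NULL : malloc(sizeof(*ret));

    if (ret)
        ret->integer_value = 1; /* constructed sample value */
    return ret;
}

/* Unchecked pattern: crashes when the stub returns NULL.
 * Shown for contrast only; nothing in this file calls it. */
int read_state_unchecked(void)
{
    struct acpi_obj *ret = acpi_evaluate_dsm();
    int state = (int)ret->integer_value; /* NULL dereference on failure */

    free(ret);
    return state;
}

/* Checked pattern: report an error instead of dereferencing NULL. */
int read_state_checked(void)
{
    struct acpi_obj *ret = acpi_evaluate_dsm();
    int state;

    if (!ret)
        return -ENODEV; /* error code chosen for this example */
    state = (int)ret->integer_value;
    free(ret);
    return state;
}

int main(void)
{
    firmware_fails = 0;
    printf("success path: %d\n", read_state_checked());
    firmware_fails = 1;
    printf("failure path: %d\n", read_state_checked());
    return 0;
}
```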

Affected Version(s)

Linux 447106e92a0c86c332d40710436f38f64c322cd6

Linux 447106e92a0c86c332d40710436f38f64c322cd6 < 8527bbb33936340525a3504a00932b2f8fd75754

Linux 6.7
