Linux Kernel Vulnerability in ALSA Affecting Spin Lock Behavior
CVE-2025-40142

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40142?

A newly identified vulnerability in the Linux kernel relates to the Advanced Linux Sound Architecture (ALSA). It arises during the use of spin locks when handling interrupts, specifically in the context of the PREEMPT_RT kernel configuration. The flaw occurs because softirqs, which are intended to enable preemption, can still be invoked while a spin lock is held, potentially leading to a deadlock condition. The issue stems from the improper handling of softirq disabling before acquiring the lock, necessitating a fix to ensure softirqs are manually disabled beforehand.

Affected Version(s)

Linux d2d6422f8bd17c6bb205133e290625a564194496 < 63ee96c7f47df239ee0a6e8108b6bfd8c98334ae

Linux d2d6422f8bd17c6bb205133e290625a564194496 < 3969b6193cb7a45aa5fb4ec68f215e9e7f93d39a

Linux d2d6422f8bd17c6bb205133e290625a564194496 < 9fc4a3da9a0259a0500848b5d8657918efde176b

References

https://git.kernel.org/stable/c/63ee96c7f47df239ee0a6e810...

https://git.kernel.org/stable/c/3969b6193cb7a45aa5fb4ec68...

https://git.kernel.org/stable/c/9fc4a3da9a0259a0500848b5d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON