NULL Dereference in Linux Kernel ASoC Module Affecting AMD Sound Drivers
CVE-2025-40162
What is CVE-2025-40162?
In the Linux kernel's ASoC module, a vulnerability has been identified in which the function devm_kasprintf() can return NULL when memory allocation fails. The initial debug message accesses cpus->dai_name before the return value is checked for NULL, leading to a potential NULL pointer dereference. The flaw shows why pointers must be validated before use.
To mitigate this issue, developers should check the result of every memory allocation before using it and handle the failure path explicitly, so that similar vulnerabilities do not recur in future code.
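The ordering problem described above, as an added userspace example that is not the kernel's or the driver's own code: `model_kasprintf()`, `struct dai_component`, `fail_alloc`, both `set_dai_name_*` functions and the `link0-pin%d` format are hypothetical stand-ins for devm_kasprintf() and the code around cpus->dai_name.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the driver's DAI link component. */
struct dai_component { char *dai_name; };

static int fail_alloc; /* set to 1 to simulate memory exhaustion */

/* Userspace model of devm_kasprintf(): formatted heap string, or NULL. */
static char *model_kasprintf(const char *fmt, ...)
{
    va_list ap;
    char *buf;
    int n;

    if (fail_alloc)
        return NULL;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0 || !(buf = malloc((size_t)n + 1)))
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)n + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* Flawed ordering: the debug line reads dai_name before the NULL check.
 * Shown for contrast only; never call it with fail_alloc set. */
int set_dai_name_unchecked(struct dai_component *cpus, int pin)
{
    cpus->dai_name = model_kasprintf("link0-pin%d", pin);
    fprintf(stderr, "dai_name is %zu bytes\n", strlen(cpus->dai_name));
    return cpus->dai_name ? 0 : -ENOMEM; /* too late: already dereferenced */
}

/* Corrected ordering: validate the pointer, then use it. */
int set_dai_name_checked(struct dai_component *cpus, int pin)
{
    cpus->dai_name = model_kasprintf("link0-pin%d", pin);
    if (!cpus->dai_name)
        return -ENOMEM; /* failure is reported, nothing is dereferenced */
    fprintf(stderr, "dai_name is %zu bytes\n", strlen(cpus->dai_name));
    return 0;
}
```

With `fail_alloc` set, the checked variant returns -ENOMEM to its caller, while the unchecked variant would pass NULL to `strlen()` before its own check runs.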
Affected Version(s)
Linux cb8ea62e6402067ba092d4c1d66a9440513a572b < 095d692e5997ece300c89f10d903d5230090e6a0
Linux cb8ea62e6402067ba092d4c1d66a9440513a572b
Linux cb8ea62e6402067ba092d4c1d66a9440513a572b < 5726b68473f7153a7f6294185e5998b7e2a230a2