Use-After-Free Vulnerability in Intel ASoC Components in Linux Kernel
CVE-2025-40338

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
9 December 2025

What is CVE-2025-40338?

A vulnerability in the Linux kernel's ASoC (ALSA System on Chip) subsystem allows components to share a name pointer directly, leading to potential use-after-free errors during component teardown. To mitigate this issue, the name should be duplicated to prevent sharing, which can cause unexpected behavior or crashes in the kernel. The vulnerability highlights the importance of careful management of memory and component initialization in the kernel.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux f1b3b320bd6519b16e3480f74f2926d106e3bcba < 128bf29c992988f8b4f3829227339908fde5ec86

Linux f1b3b320bd6519b16e3480f74f2926d106e3bcba < 4dee5c1cc439b0d5ef87f741518268ad6a95b23d

Linux 5.19

References

https://git.kernel.org/stable/c/128bf29c992988f8b4f382922...
https://git.kernel.org/stable/c/4dee5c1cc439b0d5ef87f7415...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.