Use-After-Free Vulnerability in Intel ASoC Components in Linux Kernel
CVE-2025-40338
Currently unrated
What is CVE-2025-40338?
A vulnerability in the Linux kernel's ASoC (ALSA System on Chip) subsystem allows components to share a name pointer directly, leading to potential use-after-free errors during component teardown. Sharing the pointer in this way can cause unexpected behavior or crashes in the kernel. To mitigate the issue, the name should be duplicated so that it is no longer shared between components. The vulnerability highlights the importance of careful management of memory and component initialization in the kernel.
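The ownership problem described above, modelled in user-space C as an added example; it is not the kernel patch and not code from this page. `struct component`, `dup_name`, `teardown` and `second_left_dangling` are hypothetical names, and the name string is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* User-space model: struct component and these helpers are hypothetical. */
struct component {
    char *name;     /* name string this component refers to */
    int owns_name;  /* 1 if teardown must free name */
};

/* Private copy of a string (stand-in for a kernel duplication helper). */
static char *dup_name(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p)
        memcpy(p, s, n);
    return p;
}

static void teardown(struct component *c)
{
    if (c->owns_name)
        free(c->name);
    c->name = NULL;
}

/* Tear down the first of two components and report whether the second is
 * left pointing at the freed name (1) or not (0); -1 on allocation failure.
 * share != 0 models the shared pointer, share == 0 the duplicated name. */
int second_left_dangling(int share)
{
    struct component a = { dup_name("constructed-name"), 1 };
    struct component b = { NULL, 0 };
    int aliased;
    if (!a.name)
        return -1;
    b.name = share ? a.name : dup_name(a.name);
    b.owns_name = !share;
    if (!b.name) {
        teardown(&a);
        return -1;
    }
    aliased = (b.name == a.name);  /* compared while both are valid */
    teardown(&a);                  /* a's name is freed here */
    /* If aliased, reading b.name now would be a use-after-free; skip it. */
    if (!aliased && strcmp(b.name, "constructed-name") != 0)
        aliased = -1;              /* the private copy must be intact */
    teardown(&b);
    return aliased;
}
int main(void) { return second_left_dangling(0); }
```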
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 128bf29c992988f8b4f3829227339908fde5ec86
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4dee5c1cc439b0d5ef87f741518268ad6a95b23d
Linux 6.17.8 <= 6.17.*