Linux Kernel Vulnerability in Intel ASoC Audio Driver
CVE-2025-40344

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-40344?

A vulnerability exists in the Linux kernel's handling of the ASoC Intel audio driver, specifically within the avs_dai_fe_shutdown() function. This issue arises during the shutdown process of the HOST HDAudio stream, as the function attempts to free the DAI's private context without properly synchronizing the period-elapsed work that services its IRQs. The lack of synchronization may lead to slab-use-after-free errors, potentially causing system instability or crashes.

Affected Version(s)

Linux 0dbb186c3510cad4e9f443e801bf2e6ab5770c00

Linux 0dbb186c3510cad4e9f443e801bf2e6ab5770c00 < 845f716dc5f354c719f6fda35048b6c2eca99331

References

https://git.kernel.org/stable/c/ca6d2b7aca778afbf8c0c4b33...

https://git.kernel.org/stable/c/b41fca4aa60be896ba8a81b57...

https://git.kernel.org/stable/c/845f716dc5f354c719f6fda35...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON