Memory Allocation Flaw in Linux Kernel Affects SOF IPC4 Topology
CVE-2025-71286

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2025-71286?

A memory allocation vulnerability has been identified in the Linux kernel, specifically impacting the SOF IPC4 topology. The issue arises from an incorrect calculation of the memory size allocated for byte controls within the scontrol->ipc_control_data structure. The problem stems from the max_size parameter, which only accounts for part of the required memory. As a result, the kernel may fail to allocate sufficient space, leading to potential data handling problems. The kernel has been updated to ensure that the necessary amount of memory is allocated, thus enhancing the robustness of the IPC4 control data handling.

Affected Version(s)

Linux a382082ff74b036944cbc5b6ad29b65f633acd3a < 59fe643f21b9d59bcbedb0dfbf988ee455c23736

Linux a382082ff74b036944cbc5b6ad29b65f633acd3a < 491956b45b5f4933632ea6d8a8bdfdf045ab81e1

Linux a382082ff74b036944cbc5b6ad29b65f633acd3a

References

https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfb...

https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a...

https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 6, 2026

CVE-2025-71286 Data

JSON