CVE-2025-38706

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()

snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was created.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 8b465bedc2b417fd27c1d1ab7122882b4b60b1a0affected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 82ba7b8cf9f6e3bf392a9f08ba3d1c0b200ccb94affected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 7f8fc03712194fd4e2df28af7f7f7a38205934efaffected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 41f53afe53a57a7c50323f99424b598190acf192affected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 2fce20decc6a83f16dd73744150c4e7ea6c97c21affected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < cecc65827ef3df9754e097582d89569139e6cd1eaffected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 7ce0a7255ce97ed7c54afae83fdbce712a1f0c9eaffected
LinuxLinux50cd9b5317d5593d0a33f4227f56ddcc1bf66604 < 2d91cb261cac6d885954b8f5da28b5c176c18131affected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.10.241 <= 5.10.*unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.149 <= 6.1.*unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.43 <= 6.12.*unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

Additional References

References