CVE-2025-38307

MEDIUM

Linux Kernel 6.2-6.6.93, 6.7-6.12.33, 6.13-6.15.2 - Null Pointer Dereference in ASoC Intel AVS parse_int_array()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/cc03c899e6d9812b25c3754c9a95c3830c4aec26

Patch

https://git.kernel.org/stable/c/18ff538aac63de1866e5a49d57e22788b5c21d12

Patch

https://git.kernel.org/stable/c/2916794ffbce604cc2cda105f6b8a4a7c748dd7f

Patch

https://git.kernel.org/stable/c/93e246b6769bdacb09cfff4ea0f00fe5ab4f0d7a

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 6.13.0 - 6.15.3linux

linux/Kernel 6.2.0 - 6.6.94linux

linux/Kernel 6.7.0 - 6.12.34linux

Linux/Linux < 6.2

Linux/Linux 5a565ba23abe478f3d4c3b0c8798bcb5215b82f5 - 18ff538aac63de1866e5a49d57e22788b5c21d12

Linux/Linux 5a565ba23abe478f3d4c3b0c8798bcb5215b82f5 - 2916794ffbce604cc2cda105f6b8a4a7c748dd7f

Linux/Linux 5a565ba23abe478f3d4c3b0c8798bcb5215b82f5 - 93e246b6769bdacb09cfff4ea0f00fe5ab4f0d7a

Linux/Linux 5a565ba23abe478f3d4c3b0c8798bcb5215b82f5 - cc03c899e6d9812b25c3754c9a95c3830c4aec26

Linux/Linux 6.12.34 - 6.12.*

Linux/Linux 6.15.3 - 6.15.*

... and 4 more

Published Jul 10, 2025

Tracked Since Feb 18, 2026