CVE-2025-40097

Linux Kernel 5.17-6.12.58, 6.13-6.17.4, 6.18 - Denial of Service via Missing Pointer Check in hda_component_manager_init

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced. The call stack leading to the error looks like this: hda_component_manager_init |-> component_match_add |-> component_match_add_release |-> __component_match_add ( ... ,**matchptr, ... ) |-> *matchptr = ERR_PTR(-ENOMEM); // assign |-> component_master_add_with_match( ... match) |-> component_match_realloc(match, match->num); // dereference Add IS_ERR() check to prevent the crash. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Scores

EPSS 0.0018
EPSS Percentile 7.8%

Details

Status published
Products (10)
linux/Kernel 5.17.0 - 6.12.59linux
linux/Kernel 6.13.0 - 6.17.5linux
Linux/Linux < 5.17
Linux/Linux 5.17
Linux/Linux 6.12.59 - 6.12.*
Linux/Linux 6.17.5 - 6.17.*
Linux/Linux 6.18
Linux/Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b - 1cf11d80db5df805b538c942269e05a65bcaf5bc
Linux/Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b - 218a8504e62fc2c8a1fd12523346b7a2b9bd2474
Linux/Linux ae7abe36e352eddf8e30d3b1ea3fb402514ba13b - 47d1b9ca923b55c3f407788f1f15b04957e0e027
Published Oct 30, 2025
Tracked Since Feb 18, 2026