CVE-2025-40154

Linux Kernel - Out-of-Bounds Access via Invalid Quirk Input Mapping

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed.

Scores

EPSS 0.0019
EPSS Percentile 9.1%

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (25)
linux/Kernel 4.18.0 - 5.4.301linux
linux/Kernel 5.11.0 - 5.15.195linux
linux/Kernel 5.16.0 - 6.1.156linux
linux/Kernel 5.5.0 - 5.10.246linux
linux/Kernel 6.13.0 - 6.17.3linux
linux/Kernel 6.2.0 - 6.6.112linux
linux/Kernel 6.7.0 - 6.12.53linux
Linux/Linux < 4.18
Linux/Linux 063422ca2a9de238401c3848c1b3641c07b6316c - 29a41bf6422688f0c5a09b18222e1a64b2629fa4
Linux/Linux 063422ca2a9de238401c3848c1b3641c07b6316c - 2c27e047bdcba457ec953f7e90e4ed6d5f8aeb01
... and 15 more
Published Nov 12, 2025
Tracked Since Feb 18, 2026