CVE-2025-40338

Linux Kernel 5.19-6.17.7 - Use-After-Free in ASoC AVS Component Name Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of operations - since commit cee28113db17 ("ASoC: dmaengine_pcm: Allow passing component name via config") the framework does not override component->name if set before invoking the initializer.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/128bf29c992988f8b4f3829227339908fde5ec86

Patch

https://git.kernel.org/stable/c/4dee5c1cc439b0d5ef87f741518268ad6a95b23d

Scores

EPSS 0.0003

EPSS Percentile 8.0%

Details

Status published

Products (7)

linux/Kernel 5.19.0 - 6.17.8linux

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 6.17.8 - 6.17.*

Linux/Linux 6.18

Linux/Linux f1b3b320bd6519b16e3480f74f2926d106e3bcba - 128bf29c992988f8b4f3829227339908fde5ec86

Linux/Linux f1b3b320bd6519b16e3480f74f2926d106e3bcba - 4dee5c1cc439b0d5ef87f741518268ad6a95b23d

Published Dec 09, 2025

Tracked Since Feb 18, 2026