Linux Kernel RT5645 ASoC Component Use-After-Free Vulnerability

Vulnerability

A logic error in the Linux kernel's handling of the RT5645 audio component can lead to a use-after-free vulnerability. This issue arises in the ASoC (ALSA System on Chip) layer when the RT5645 device is removed. The removal function, rt5645_i2c_remove(), incorrectly manages the order of operations by first canceling a work item related to jack detection and then deleting a timer associated with button checks. This flawed sequence can cause the timer's callback function to reschedule the canceled work, creating a potential use-after-free scenario. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel RT5645 ASoC Component Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating