Primary

Context

Linux Kernel Buffer Overflow Vulnerability in ASoC Intel AVS Component

Vulnerability

Patched

A buffer overflow vulnerability has been addressed in the Linux kernel's ASoC Intel AVS component. The issue arose when firmware returned an invalid receive size for the LARGE_CONFIG_GET message, leading the memcpy_fromio() function to copy excessive data. This vulnerability could potentially be exploited to cause a buffer overflow. The problem has been fixed by using the min_t() function to limit the maximum size of the data being copied.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, which may allow for arbitrary code execution or causing a crash by overwriting the return address on the stack.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is 23ae34e033b2c0e5e88237af82b163b296fd6aa9.

Added: Sep 15, 2025, 6:30 PM

Updated: Sep 15, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Buffer Overflow Vulnerability in ASoC Intel AVS Component

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating