Linux Kernel IPC4 Topology NULL Dereference Vulnerability in ASoC SOF

Vulnerability

A vulnerability in the Linux kernel's ASoC SOF component can lead to a NULL pointer dereference. This issue occurs when an IPC4 topology includes an unsupported widget, causing its .module_info field to remain unset. As a result, the function sof_ipc4_route_setup() attempts to dereference a NULL pointer, leading to a kernel Oops error. The vulnerability affects several versions of the Linux kernel.
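
The failure mode described above, reduced to a userspace C model and added here as an illustration; it is not the kernel's code or its patch. The struct and function names, the module table and the -ENODEV return value are all assumptions of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace model; every name here is hypothetical, not a kernel identifier. */
struct fw_module { const char *type; unsigned int id; };
struct widget { const struct fw_module *module_info; };

/* Constructed table of widget types the modelled firmware supports. */
static const struct fw_module fw_modules[] = { { "copier", 1 }, { "gain", 2 }, { "mixer", 3 } };

/* Topology load: an unsupported type matches nothing, so module_info stays NULL. */
void widget_load(struct widget *w, const char *type)
{
    w->module_info = NULL;
    for (size_t i = 0; i < sizeof(fw_modules) / sizeof(fw_modules[0]); i++)
        if (strcmp(fw_modules[i].type, type) == 0)
            w->module_info = &fw_modules[i];
}

/* Defect pattern: reads through module_info with no check (never called here). */
unsigned int route_bind_unchecked(const struct widget *src, const struct widget *sink)
{
    return (src->module_info->id << 16) | sink->module_info->id;
}

/* Guarded pattern: refuse the route before either pointer is dereferenced. */
int route_bind_checked(const struct widget *src, const struct widget *sink, unsigned int *bind)
{
    if (!src->module_info || !sink->module_info)
        return -ENODEV; /* error code is an assumption of this model */
    *bind = (src->module_info->id << 16) | sink->module_info->id;
    return 0;
}

/* Load both ends of one route by type and attempt the guarded setup. */
int route_from_types(const char *src_type, const char *sink_type, unsigned int *bind)
{
    struct widget src, sink;
    widget_load(&src, src_type);
    widget_load(&sink, sink_type);
    return route_bind_checked(&src, &sink, bind);
}

int main(void)
{
    unsigned int bind = 0;
    printf("copier->gain: %d\n", route_from_types("copier", "gain", &bind));
    printf("copier->unsupported: %d\n", route_from_types("copier", "unsupported", &bind));
    return 0;
}
```

With the guard in place, a topology that names an unsupported widget produces an error return for that route instead of a fault.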

Impact

Exploitation of this vulnerability causes a kernel Oops, indicating a NULL pointer dereference, which can lead to a system crash or instability.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 30, 2025, 3:21 PM
Updated: Dec 30, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.8
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.