Primary

Context

Linux Kernel ASoC Component Driver NULL Pointer Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's ASoC (ALSA System on Chip) component handling can lead to a NULL pointer dereference. This issue arises in 'soc-generic-dmaengine-pcm.c', where the same device is used for both CPU and Platform components. If the CPU component driver lacks a specified name, the function 'snd_soc_lookup_component_nolocked()' will attempt to access a NULL pointer, causing a crash. The vulnerability has been addressed by modifying the component lookup function to properly handle cases where the driver name is absent.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Oct 1, 2025, 8:52 AM

Updated: Oct 1, 2025, 8:52 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ASoC Component Driver NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating