Linux Kernel ASoC Simple Card Utils Device Node Memory Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ASoC (ALSA System on Chip) simple card utilities has been addressed. The issue arose from improper memory management of device node references. Specifically, the function 'graph_util_parse_dai()' incorrectly used '__free(device_node)' to release the device node while it was still needed by the driver. This could potentially lead to use-after-free scenarios or other memory-related issues.

Impact

The vulnerability could cause use-after-free conditions, leading to memory corruption or other undefined behaviors.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ASoC Simple Card Utils Device Node Memory Management Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating