Primary

Context

Linux Kernel Intel ASoC AVS Component Name Pointer Use-After-Free Vulnerability

Vulnerability

Patched

A use-after-free vulnerability has been addressed in the Linux kernel's ASoC Intel AVS component. The issue arose from directly sharing the 'name' pointer between components, which could lead to use-after-free errors when tearing down components. The vulnerability affects the ASoC framework, specifically in how component names are handled. The problem has been resolved by duplicating the name to prevent such errors. Additionally, the order of operations has been updated, as the framework previously did not override component names set before initialization, allowing for potential inconsistencies.

Impact

The vulnerability could lead to use-after-free errors, potentially allowing for memory corruption or exploitation through dangling pointers.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 9, 2025, 8:22 PM

Updated: Dec 9, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Intel ASoC AVS Component Name Pointer Use-After-Free Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating