Primary

Context

Linux Kernel NULL Pointer Dereference Vulnerability in ALSA HDA CS35L41 Codec

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ALSA HDA CS35L41 codec support. This issue arises in the 'cs35l41_hda_read_acpi' function, where the 'acpi_get_first_physical_node' can return NULL. If this occurs, the subsequent 'get_device' call also returns NULL, which is then improperly dereferenced, leading to a potential crash. The vulnerability has been addressed by adding a check to prevent the dereference of a NULL value.

Impact

Exploitation of this vulnerability can lead to a system crash due to a NULL pointer dereference.

Added: Dec 24, 2025, 12:26 PM

Updated: Dec 24, 2025, 12:26 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

1.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in ALSA HDA CS35L41 Codec

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating