5.5

CVE-2025-37889

EPSS 0.02%
Veröffentlicht 09.05.2025 06:45:50
Zuletzt bearbeitet 17.11.2025 17:13:03
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ASoC: ops: Consistently treat platform_max as control value

This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in
snd_soc_put_volsw() by +min"), and makes some additional related
updates.

There are two ways the platform_max could be interpreted; the maximum
register value, or the maximum value the control can be set to. The
patch moved from treating the value as a control value to a register
one. When the patch was applied it was technically correct as
snd_soc_limit_volume() also used the register interpretation. However,
even then most of the other usages treated platform_max as a
control value, and snd_soc_limit_volume() has since been updated to
also do so in commit fb9ad24485087 ("ASoC: ops: add correct range
check for limiting volume"). That patch however, missed updating
snd_soc_put_volsw() back to the control interpretation, and fixing
snd_soc_info_volsw_range(). The control interpretation makes more
sense as limiting is typically done from the machine driver, so it is
appropriate to use the customer facing representation rather than the
internal codec representation. Update all the code to consistently use
this interpretation of platform_max.

Finally, also add some comments to the soc_mixer_control struct to
hopefully avoid further patches switching between the two approaches.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15.148 < 5.15.180

Linux ≫ Linux Kernel Version >= 6.1.74 < 6.1.132

Linux ≫ Linux Kernel Version >= 6.6.7 < 6.6.84

Linux ≫ Linux Kernel Version >= 6.7.1 < 6.12.20

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.8

Linux ≫ Linux Kernel Version6.7 Update-

Linux ≫ Linux Kernel Version6.7 Updaterc5

Linux ≫ Linux Kernel Version6.7 Updaterc6

Linux ≫ Linux Kernel Version6.7 Updaterc7

Linux ≫ Linux Kernel Version6.7 Updaterc8

Linux ≫ Linux Kernel Version6.14 Updaterc1

Linux ≫ Linux Kernel Version6.14 Updaterc2

Linux ≫ Linux Kernel Version6.14 Updaterc3

Linux ≫ Linux Kernel Version6.14 Updaterc4

Linux ≫ Linux Kernel Version6.14 Updaterc5

Linux ≫ Linux Kernel Version6.14 Updaterc6

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.032

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://git.kernel.org/stable/c/0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3

Patch

https://git.kernel.org/stable/c/296c8295ae34045da0214882628d49c1c060dd8a

Patch

https://git.kernel.org/stable/c/544055329560d4b64fe204fc6be325ebc24c72ca

Patch

https://git.kernel.org/stable/c/694110bc2407a61f02a770cbb5f39b51e4ec77c6

Patch

https://git.kernel.org/stable/c/a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6

Patch

https://git.kernel.org/stable/c/c402f184a053c8e7ca325e50f04bbbc1e4fee019

Patch

https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-37889

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37889

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37889

EUVD