CVE-2025-38438

EPSS 0.03%
Veröffentlicht 25.07.2025 16:15:29
Zuletzt bearbeitet 29.07.2025 14:14:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.

sof_pdata->tplg_filename can have address allocated by kstrdup()
and can be overwritten. Memory leak was detected with kmemleak:

unreferenced object 0xffff88812391ff60 (size 16):
  comm "kworker/4:1", pid 161, jiffies 4294802931
  hex dump (first 16 bytes):
    73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00  sof-hda-generic.
  backtrace (crc 4bf1675c):
    __kmalloc_node_track_caller_noprof+0x49c/0x6b0
    kstrdup+0x46/0xc0
    hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]
    sof_init_environment+0x16f/0xb50 [snd_sof]
    sof_probe_continue+0x45/0x7c0 [snd_sof]
    sof_probe_work+0x1e/0x40 [snd_sof]
    process_one_work+0x894/0x14b0
    worker_thread+0x5e5/0xfb0
    kthread+0x39d/0x760
    ret_from_fork+0x31/0x70
    ret_from_fork_asm+0x1a/0x30

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 68397fda2caa90e99a7c0bcb2cf604e42ef3b91f

Version dd96daca6c83ecaf37f38ff49d8d174bbff576b4

Status affected

Version < 58ecf51af12cb32b890858b52b2c34e80590c74a

Version dd96daca6c83ecaf37f38ff49d8d174bbff576b4

Status affected

Version < 6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e

Version dd96daca6c83ecaf37f38ff49d8d174bbff576b4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.2

Status affected

Version < 5.2

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.39

Status unaffected

Version <= 6.15.*

Version 6.15.7

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/58ecf51af12cb32b890858b52b2c34e80590c74a

https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f

https://git.kernel.org/stable/c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e

https://nvd.nist.gov/vuln/detail/CVE-2025-38438

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38438

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38438

EUVD