-
CVE-2025-40097
- EPSS 0.02%
- Veröffentlicht 30.10.2025 09:48:04
- Zuletzt bearbeitet 24.11.2025 10:16:01
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix missing pointer check in hda_component_manager_init function
The __component_match_add function may assign the 'matchptr' pointer
the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.
The call stack leading to the error looks like this:
hda_component_manager_init
|-> component_match_add
|-> component_match_add_release
|-> __component_match_add ( ... ,**matchptr, ... )
|-> *matchptr = ERR_PTR(-ENOMEM); // assign
|-> component_master_add_with_match( ... match)
|-> component_match_realloc(match, match->num); // dereference
Add IS_ERR() check to prevent the crash.
Found by Linux Verification Center (linuxtesting.org) with SVACE.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
218a8504e62fc2c8a1fd12523346b7a2b9bd2474
Version
ae7abe36e352eddf8e30d3b1ea3fb402514ba13b
Status
affected
Version <
47d1b9ca923b55c3f407788f1f15b04957e0e027
Version
ae7abe36e352eddf8e30d3b1ea3fb402514ba13b
Status
affected
Version <
1cf11d80db5df805b538c942269e05a65bcaf5bc
Version
ae7abe36e352eddf8e30d3b1ea3fb402514ba13b
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.17
Status
affected
Version <
5.17
Version
0
Status
unaffected
Version <=
6.12.*
Version
6.12.59
Status
unaffected
Version <=
6.17.*
Version
6.17.5
Status
unaffected
Version <=
*
Version
6.18
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.055 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|