CVE-2025-40097

EPSS 0.02%
Veröffentlicht 30.10.2025 09:48:04
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ALSA: hda: Fix missing pointer check in hda_component_manager_init function

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix missing pointer check in hda_component_manager_init function

The __component_match_add function may assign the 'matchptr' pointer
the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.

The call stack leading to the error looks like this:

hda_component_manager_init
|-> component_match_add
    |-> component_match_add_release
        |-> __component_match_add ( ... ,**matchptr, ... )
            |-> *matchptr = ERR_PTR(-ENOMEM);       // assign
|-> component_master_add_with_match( ...  match)
    |-> component_match_realloc(match, match->num); // dereference

Add IS_ERR() check to prevent the crash.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version ae7abe36e352eddf8e30d3b1ea3fb402514ba13b

Version < 218a8504e62fc2c8a1fd12523346b7a2b9bd2474

Status affected

Version ae7abe36e352eddf8e30d3b1ea3fb402514ba13b

Version < 47d1b9ca923b55c3f407788f1f15b04957e0e027

Status affected

Version ae7abe36e352eddf8e30d3b1ea3fb402514ba13b

Version < 1cf11d80db5df805b538c942269e05a65bcaf5bc

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.17

Status affected

Version 0

Version < 5.17

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.5

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/47d1b9ca923b55c3f407788f1f15b04957e0e027

https://git.kernel.org/stable/c/1cf11d80db5df805b538c942269e05a65bcaf5bc

https://git.kernel.org/stable/c/218a8504e62fc2c8a1fd12523346b7a2b9bd2474

https://nvd.nist.gov/vuln/detail/CVE-2025-40097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40097

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40097