CVE-2025-38438

EUVD-2025-22703
In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.

sof_pdata->tplg_filename can have address allocated by kstrdup()
and can be overwritten. Memory leak was detected with kmemleak:

unreferenced object 0xffff88812391ff60 (size 16):
  comm "kworker/4:1", pid 161, jiffies 4294802931
  hex dump (first 16 bytes):
    73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00  sof-hda-generic.
  backtrace (crc 4bf1675c):
    __kmalloc_node_track_caller_noprof+0x49c/0x6b0
    kstrdup+0x46/0xc0
    hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]
    sof_init_environment+0x16f/0xb50 [snd_sof]
    sof_probe_continue+0x45/0x7c0 [snd_sof]
    sof_probe_work+0x1e/0x40 [snd_sof]
    process_one_work+0x894/0x14b0
    worker_thread+0x5e5/0xfb0
    kthread+0x39d/0x760
    ret_from_fork+0x31/0x70
    ret_from_fork_asm+0x1a/0x30
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.2 ≤
𝑥
< 6.12.39
linuxlinux_kernel
6.13 ≤
𝑥
< 6.15.7
linuxlinux_kernel
6.16:rc1
linuxlinux_kernel
6.16:rc2
linuxlinux_kernel
6.16:rc3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.7-1
fixed
sid
7.0.7-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.88-1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
kernel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-devel-matched
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-debug-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-devel-matched
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-64k-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-abi-stablelists
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-devel-matched
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-debug-uki-virt
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-devel-matched
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-doc
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-debug-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-64k-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-debug-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-rt-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-tools
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-tools-libs
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-tools-libs-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-uki-virt
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-uki-virt-addons
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-devel
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-devel-matched
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-modules
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-modules-core
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
kernel-zfcpdump-modules-extra
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
libperf
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
perf
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
python3-perf
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
rtla
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
rv
RHEL 9
0:5.14.0-611.5.1.el9_7
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/58ecf51af12cb32b890858b52b2c34e80590c74a
https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f
https://git.kernel.org/stable/c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e