CVE-2025-39938
EUVD-2025-3240004.10.2025, 08:15
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails (e.g. ADSP rejects due to incorrect audioreach topology), the graph is closed and "dai_data->graph[dai->id]" is assigned NULL. Preparing the DAI for sink graph continues though and next call to q6apm_lpass_dai_prepare() receives dai_data->graph[dai->id]=NULL leading to NULL pointer exception: qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78 q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22 Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8 ... Call trace: q6apm_graph_media_format_pcm+0x48/0x120 (P) q6apm_lpass_dai_prepare+0x110/0x1b4 snd_soc_pcm_dai_prepare+0x74/0x108 __soc_pcm_prepare+0x44/0x160 dpcm_be_dai_prepare+0x124/0x1c0Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.154 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.108 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.49 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.16.9 |
| linux | linux_kernel | 6.17:rc1 |
| linux | linux_kernel | 6.17:rc2 |
| linux | linux_kernel | 6.17:rc3 |
| linux | linux_kernel | 6.17:rc4 |
| linux | linux_kernel | 6.17:rc5 |
| linux | linux_kernel | 6.17:rc6 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References