CVE-2025-71286

EUVD-2025-209677
In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

The size of the data behind of scontrol->ipc_control_data for bytes
controls is:
[1] sizeof(struct sof_ipc4_control_data) + // kernel only struct
[2] sizeof(struct sof_abi_hdr)) + payload

The max_size specifies the size of [2] and it is coming from topology.

Change the function to take this into account and allocate adequate amount
of memory behind scontrol->ipc_control_data.

With the change we will allocate [1] amount more memory to be able to hold
the full size of data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.4 ≤
𝑥
< 6.6.128
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.75
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.16
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974
https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1
https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736
https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85
https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896