CVE-2025-39892
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-39892, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-01

Last updated on: 2025-12-12

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked() soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In such case, CPU component driver might not have driver->name, then snd_soc_lookup_component_nolocked() will be NULL pointer access error. Care NULL driver name. Call trace: strcmp from snd_soc_lookup_component_nolocked+0x64/0xa4 snd_soc_lookup_component_nolocked from snd_soc_unregister_component_by_driver+0x2c/0x44 snd_soc_unregister_component_by_driver from snd_dmaengine_pcm_unregister+0x28/0x64 snd_dmaengine_pcm_unregister from devres_release_all+0x98/0xfc devres_release_all from device_unbind_cleanup+0xc/0x60 device_unbind_cleanup from really_probe+0x220/0x2c8 really_probe from __driver_probe_device+0x88/0x1a0 __driver_probe_device from driver_probe_device+0x30/0x110 driver_probe_device from __driver_attach+0x90/0x178 __driver_attach from bus_for_each_dev+0x7c/0xcc bus_for_each_dev from bus_add_driver+0xcc/0x1ec bus_add_driver from driver_register+0x80/0x11c driver_register from do_one_initcall+0x58/0x23c do_one_initcall from kernel_init_freeable+0x198/0x1f4 kernel_init_freeable from kernel_init+0x1c/0x12c kernel_init from ret_from_fork+0x14/0x28

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-01
Last Modified
2025-12-12
Generated
2026-07-06
AI Q&A
2025-10-01
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.16 (inc) to 6.16.6 (exc)
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17
linux linux_kernel 6.17

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's ASoC soc-core component, where a NULL pointer dereference can happen due to a missing driver name in the snd_soc_lookup_component_nolocked() function. Specifically, when the same device is used for both CPU and Platform in soc-generic-dmaengine-pcm.c, the CPU component driver might lack a driver name, leading to a NULL pointer access error during component lookup.

Impact Analysis

The impact of this vulnerability is a NULL pointer dereference error in the Linux kernel, which can cause system instability or crashes when the affected audio subsystem components are probed or unregistered. This could lead to denial of service or unexpected behavior in systems using the affected kernel components.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39892. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart