CVE-2025-39959
BaseFortify
Publication date: 2025-10-09
Last updated on: 2026-02-26
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.17 |
| linux | linux_kernel | From 6.15 (inc) to 6.16.9 (inc) |
| amd | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's AMD ACP I2S driver was caused by incorrect retrieval of acp_chip_info data using dev_get_platdata(dev) instead of dev_get_drvdata(dev->parent). This led to some members not being updated properly, potentially causing null pointer dereferences. The fix ensures that all relevant functions correctly obtain acp_chip_info to prevent these null pointer dereference issues.
How can this vulnerability impact me? :
The vulnerability could lead to null pointer dereferences in the AMD ACP I2S driver, which may cause system instability or crashes when the affected driver functions are executed. This could impact the reliability of audio-related functionality on affected Linux systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for correct retrieval of acp_chip_info in the acp I2S driver. This fix replaces dev_get_platdata(dev) with dev_get_drvdata(dev->parent) to prevent null pointer dereferences. Applying the latest kernel patches or updates from your Linux distribution that address this issue is recommended.