CVE-2025-71286
Awaiting Analysis Awaiting Analysis - Queue
Memory Allocation Issue in Linux Kernel ASoC SOF IPC4 Topology

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct sof_abi_hdr)) + payload The max_size specifies the size of [2] and it is coming from topology. Change the function to take this into account and allocate adequate amount of memory behind scontrol->ipc_control_data. With the change we will allocate [1] amount more memory to be able to hold the full size of data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-71286
EUVD
EUVD-2025-209677
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel relates to the ASoC SOF ipc4-topology component, specifically the allocation size for bytes controls. The issue was that the memory allocated behind scontrol->ipc_control_data did not correctly account for the full size of the data structure, which includes a kernel-only struct (sof_ipc4_control_data), an ABI header (sof_abi_hdr), and the payload. The max_size parameter only specified the size of the ABI header and payload, but the allocation did not include the additional kernel-only struct size. The fix involved changing the function to allocate enough memory to cover the entire data size, including the kernel-only struct, preventing potential memory issues.

Impact Analysis

This vulnerability relates to incorrect memory allocation size in the Linux kernel's ASoC SOF ipc4-topology component for bytes controls. If unpatched, it could potentially lead to memory corruption issues due to insufficient memory allocation for control data. This might cause system instability or unexpected behavior in audio subsystem components that rely on this kernel module.

Compliance Impact

There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71286. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart