CVE-2025-71286
Memory Allocation Issue in Linux Kernel ASoC SOF IPC4 Topology
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability relates to incorrect memory allocation size in the Linux kernel's ASoC SOF ipc4-topology component for bytes controls. If unpatched, it could potentially lead to memory corruption issues due to insufficient memory allocation for control data. This might cause system instability or unexpected behavior in audio subsystem components that rely on this kernel module.
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel relates to the ASoC SOF ipc4-topology component, specifically the allocation size for bytes controls. The issue was that the memory allocated behind scontrol->ipc_control_data did not correctly account for the full size of the data structure, which includes a kernel-only struct (sof_ipc4_control_data), an ABI header (sof_abi_hdr), and the payload. The max_size parameter only specified the size of the ABI header and payload, but the allocation did not include the additional kernel-only struct size. The fix involved changing the function to allocate enough memory to cover the entire data size, including the kernel-only struct, preventing potential memory issues.
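The size mismatch described above, as an added C example that is not taken from the kernel source or from this page. `model_control_data` and `model_abi_hdr` are simplified stand-ins with assumed layouts for `sof_ipc4_control_data` and `sof_abi_hdr`, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumed layouts, not the kernel's definitions). */
struct model_abi_hdr { uint32_t magic, type, size, abi; };      /* ABI header */
struct model_control_data { uint32_t msg[2]; uint32_t index; }; /* kernel-only part */

/* Bytes needed for kernel-only struct + ABI header + payload; -1 on overflow. */
static int bytes_needed(size_t payload_len, size_t *out)
{
    size_t fixed = sizeof(struct model_control_data) + sizeof(struct model_abi_hdr);
    if (payload_len > SIZE_MAX - fixed)
        return -1;
    *out = fixed + payload_len;
    return 0;
}

/* Flawed sizing as described: max_size covers only ABI header + payload. */
static size_t alloc_size_before(size_t max_size) { return max_size; }

/* Corrected sizing: add the kernel-only struct, rejecting size_t wraparound. */
static int alloc_size_after(size_t max_size, size_t *out)
{
    if (max_size > SIZE_MAX - sizeof(struct model_control_data))
        return -1;
    *out = sizeof(struct model_control_data) + max_size;
    return 0;
}

/* Returns 1 if a buffer of `alloc` bytes holds the full layout for payload_len. */
static int layout_fits(size_t alloc, size_t payload_len)
{
    size_t need;
    return bytes_needed(payload_len, &need) == 0 && need <= alloc;
}

int main(void)
{
    size_t payload = 64; /* constructed sample payload length */
    size_t max_size = sizeof(struct model_abi_hdr) + payload, fixed;
    if (alloc_size_after(max_size, &fixed) != 0)
        return 1;
    printf("before: %zu bytes, fits=%d\n", alloc_size_before(max_size),
           layout_fits(alloc_size_before(max_size), payload));
    printf("after:  %zu bytes, fits=%d\n", fixed, layout_fits(fixed, payload));
    return 0;
}
```

The shortfall in the flawed sizing is always exactly the size of the kernel-only struct, independent of the payload length.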
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
There is no information available regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.