CVE-2025-37889

MEDIUM EPSS 12.5%
Published May 9, 20251y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 9, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max. Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
12.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 17

VendorProductVersionRange
linuxlinux_kernel*≥5.15.148  –  <5.15.180
linuxlinux_kernel*≥6.1.74  –  <6.1.132
linuxlinux_kernel*≥6.6.7  –  <6.6.84
linuxlinux_kernel*≥6.7.1  –  <6.12.20
linuxlinux_kernel*≥6.13  –  <6.13.8
linuxlinux_kernel6.7any
linuxlinux_kernel6.7any
linuxlinux_kernel6.7any
linuxlinux_kernel6.7any
linuxlinux_kernel6.7any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
debiandebian_linux11.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/296c8295ae34045da0214882628d49c1c060dd8a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/544055329560d4b64fe204fc6be325ebc24c72ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/694110bc2407a61f02a770cbb5f39b51e4ec77c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c402f184a053c8e7ca325e50f04bbbc1e4fee019
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/296c8295ae34045da0214882628d49c1c060dd8a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/544055329560d4b64fe204fc6be325ebc24c72ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/694110bc2407a61f02a770cbb5f39b51e4ec77c6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c402f184a053c8e7ca325e50f04bbbc1e4fee019
    Patch