CVE-2025-38706

MEDIUM EPSS 7.6%
Published Sep 4, 20259mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Sep 4, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology loading and marking a link as ignore due to missing hardware component on the system. On module removal the soc_tplg_remove_link() would call snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored, no runtime was created.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
7.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.6  –  <5.10.241
linuxlinux_kernel*≥5.11  –  <5.15.190
linuxlinux_kernel*≥5.16  –  <6.1.149
linuxlinux_kernel*≥6.2  –  <6.6.103
linuxlinux_kernel*≥6.7  –  <6.12.43
linuxlinux_kernel*≥6.13  –  <6.15.11
linuxlinux_kernel*≥6.16  –  <6.16.2
debiandebian_linux11.0any

References 11

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-032379.html
  • git.kernel.org https://git.kernel.org/stable/c/2d91cb261cac6d885954b8f5da28b5c176c18131
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fce20decc6a83f16dd73744150c4e7ea6c97c21
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f53afe53a57a7c50323f99424b598190acf192
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ce0a7255ce97ed7c54afae83fdbce712a1f0c9e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f8fc03712194fd4e2df28af7f7f7a38205934ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82ba7b8cf9f6e3bf392a9f08ba3d1c0b200ccb94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7122882b4b60b1a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cecc65827ef3df9754e097582d89569139e6cd1e
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2d91cb261cac6d885954b8f5da28b5c176c18131
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2fce20decc6a83f16dd73744150c4e7ea6c97c21
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f53afe53a57a7c50323f99424b598190acf192
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ce0a7255ce97ed7c54afae83fdbce712a1f0c9e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f8fc03712194fd4e2df28af7f7f7a38205934ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82ba7b8cf9f6e3bf392a9f08ba3d1c0b200ccb94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b465bedc2b417fd27c1d1ab7122882b4b60b1a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cecc65827ef3df9754e097582d89569139e6cd1e
    Patch