We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-37889

ASoC: ops: Consistently treat platform_max as control value



Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max. Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches.

Reserved 2025-04-16 | Published 2025-05-09 | Updated 2025-05-10 | Assigner Linux

Product status

Default status
unaffected

c11fc224e58e7972ffd05b8f25e9b1d6a0b8d562 before c402f184a053c8e7ca325e50f04bbbc1e4fee019
affected

a50562146d6c7650029a115c96ef9aaa7648c344 before 694110bc2407a61f02a770cbb5f39b51e4ec77c6
affected

395e52b7a1ad01e1b51adb09854a0aa5347428de before 544055329560d4b64fe204fc6be325ebc24c72ca
affected

fb9ad24485087e0f00d84bee7a5914640b2b9024 before a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6
affected

fb9ad24485087e0f00d84bee7a5914640b2b9024 before 296c8295ae34045da0214882628d49c1c060dd8a
affected

fb9ad24485087e0f00d84bee7a5914640b2b9024 before 0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3
affected

Default status
affected

6.7
affected

Any version before 6.7
unaffected

5.15.180
unaffected

6.1.132
unaffected

6.6.84
unaffected

6.12.20
unaffected

6.13.8
unaffected

6.14
unaffected

References

git.kernel.org/...c/c402f184a053c8e7ca325e50f04bbbc1e4fee019

git.kernel.org/...c/694110bc2407a61f02a770cbb5f39b51e4ec77c6

git.kernel.org/...c/544055329560d4b64fe204fc6be325ebc24c72ca

git.kernel.org/...c/a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6

git.kernel.org/...c/296c8295ae34045da0214882628d49c1c060dd8a

git.kernel.org/...c/0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3

cve.org (CVE-2025-37889)

nvd.nist.gov (CVE-2025-37889)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-37889

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.