We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-38438

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.



Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): __kmalloc_node_track_caller_noprof+0x49c/0x6b0 kstrdup+0x46/0xc0 hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic] sof_init_environment+0x16f/0xb50 [snd_sof] sof_probe_continue+0x45/0x7c0 [snd_sof] sof_probe_work+0x1e/0x40 [snd_sof] process_one_work+0x894/0x14b0 worker_thread+0x5e5/0xfb0 kthread+0x39d/0x760 ret_from_fork+0x31/0x70 ret_from_fork_asm+0x1a/0x30

Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 68397fda2caa90e99a7c0bcb2cf604e42ef3b91f
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 58ecf51af12cb32b890858b52b2c34e80590c74a
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e
affected

Default status
affected

6.12.39
unaffected

6.15.7
unaffected

6.16-rc4
unaffected

References

git.kernel.org/...c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f

git.kernel.org/...c/58ecf51af12cb32b890858b52b2c34e80590c74a

git.kernel.org/...c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e

cve.org (CVE-2025-38438)

nvd.nist.gov (CVE-2025-38438)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-38438

Support options

Helpdesk Chat, Email, Knowledgebase