CVE-2025-38438
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38438
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38438.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38438
- Downstream
- Published
- 2025-07-25T15:27:17Z
- Modified
- 2025-10-18T04:12:53.616979Z
- Summary
- ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
sofpdata->tplgfilename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak:
unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): _kmallocnodetrackcallernoprof+0x49c/0x6b0 kstrdup+0x46/0xc0 hdamachineselect.cold+0x1de/0x12cf [sndsofintelhdageneric] sofinitenvironment+0x16f/0xb50 [sndsof] sofprobecontinue+0x45/0x7c0 [sndsof] sofprobework+0x1e/0x40 [sndsof] processonework+0x894/0x14b0 workerthread+0x5e5/0xfb0 kthread+0x39d/0x760 retfromfork+0x31/0x70 retfromforkasm+0x1a/0x30
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd96daca6c83ecaf37f38ff49d8d174bbff576b4Fixed68397fda2caa90e99a7c0bcb2cf604e42ef3b91f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd96daca6c83ecaf37f38ff49d8d174bbff576b4Fixed58ecf51af12cb32b890858b52b2c34e80590c74a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddd96daca6c83ecaf37f38ff49d8d174bbff576b4Fixed6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e
Affected versions
v5.*
v5.1
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.2
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7
v5.3
v5.3-rc1
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212239855646079141054035795896040526151",
"225699834878722730833964816877033040333",
"233417052566732885172086348519357925326",
"80181376263559919221253921155714228486",
"221673397874697028435302470228832628358",
"291724406661902967204201779603961688668",
"27710276637596894459823193960377675119",
"315372920370446032088328975287276801257",
"311617387749679296681663560719811646191",
"114099437422639194165571593993014216368",
"110382567661216716074474562983339313224"
]
},
"signature_type": "Line",
"target": {
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e",
"signature_version": "v1",
"id": "CVE-2025-38438-76fddaac"
},
{
"digest": {
"function_hash": "79498682410547453448406374083626274736",
"length": 4581.0
},
"signature_type": "Function",
"target": {
"function": "hda_machine_select",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68397fda2caa90e99a7c0bcb2cf604e42ef3b91f",
"signature_version": "v1",
"id": "CVE-2025-38438-941b3d92"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212239855646079141054035795896040526151",
"225699834878722730833964816877033040333",
"233417052566732885172086348519357925326",
"80181376263559919221253921155714228486",
"221673397874697028435302470228832628358",
"291724406661902967204201779603961688668",
"27710276637596894459823193960377675119",
"315372920370446032088328975287276801257",
"311617387749679296681663560719811646191",
"114099437422639194165571593993014216368",
"110382567661216716074474562983339313224"
]
},
"signature_type": "Line",
"target": {
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58ecf51af12cb32b890858b52b2c34e80590c74a",
"signature_version": "v1",
"id": "CVE-2025-38438-98e6b953"
},
{
"digest": {
"function_hash": "20272822852593275067827663853142210668",
"length": 186.0
},
"signature_type": "Function",
"target": {
"function": "remove_file_ext",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58ecf51af12cb32b890858b52b2c34e80590c74a",
"signature_version": "v1",
"id": "CVE-2025-38438-9ed3bc0a"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"212239855646079141054035795896040526151",
"225699834878722730833964816877033040333",
"233417052566732885172086348519357925326",
"80181376263559919221253921155714228486",
"221673397874697028435302470228832628358",
"291724406661902967204201779603961688668",
"27710276637596894459823193960377675119",
"315372920370446032088328975287276801257",
"311617387749679296681663560719811646191",
"114099437422639194165571593993014216368",
"110382567661216716074474562983339313224"
]
},
"signature_type": "Line",
"target": {
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68397fda2caa90e99a7c0bcb2cf604e42ef3b91f",
"signature_version": "v1",
"id": "CVE-2025-38438-aac83457"
},
{
"digest": {
"function_hash": "20272822852593275067827663853142210668",
"length": 186.0
},
"signature_type": "Function",
"target": {
"function": "remove_file_ext",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e",
"signature_version": "v1",
"id": "CVE-2025-38438-abb3decb"
},
{
"digest": {
"function_hash": "79498682410547453448406374083626274736",
"length": 4581.0
},
"signature_type": "Function",
"target": {
"function": "hda_machine_select",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e",
"signature_version": "v1",
"id": "CVE-2025-38438-acb75a3b"
},
{
"digest": {
"function_hash": "20272822852593275067827663853142210668",
"length": 186.0
},
"signature_type": "Function",
"target": {
"function": "remove_file_ext",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@68397fda2caa90e99a7c0bcb2cf604e42ef3b91f",
"signature_version": "v1",
"id": "CVE-2025-38438-bf2526f8"
},
{
"digest": {
"function_hash": "79498682410547453448406374083626274736",
"length": 4581.0
},
"signature_type": "Function",
"target": {
"function": "hda_machine_select",
"file": "sound/soc/sof/intel/hda.c"
},
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58ecf51af12cb32b890858b52b2c34e80590c74a",
"signature_version": "v1",
"id": "CVE-2025-38438-bfc5f658"
}
]