CVE-2025-37889
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37889
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37889.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37889
- Downstream
- Related
- Published
- 2025-05-09T06:45:50Z
- Modified
- 2025-10-18T02:28:11.949948Z
- Summary
- ASoC: ops: Consistently treat platform_max as control value
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Consistently treat platform_max as control value
This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in sndsocput_volsw() by +min"), and makes some additional related updates.
There are two ways the platformmax could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as sndsoclimitvolume() also used the register interpretation. However, even then most of the other usages treated platformmax as a control value, and sndsoclimitvolume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating sndsocputvolsw() back to the control interpretation, and fixing sndsocinfovolswrange(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platformmax.
Finally, also add some comments to the socmixercontrol struct to hopefully avoid further patches switching between the two approaches.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3
- https://git.kernel.org/stable/c/296c8295ae34045da0214882628d49c1c060dd8a
- https://git.kernel.org/stable/c/544055329560d4b64fe204fc6be325ebc24c72ca
- https://git.kernel.org/stable/c/694110bc2407a61f02a770cbb5f39b51e4ec77c6
- https://git.kernel.org/stable/c/a46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6
- https://git.kernel.org/stable/c/c402f184a053c8e7ca325e50f04bbbc1e4fee019
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc11fc224e58e7972ffd05b8f25e9b1d6a0b8d562Fixedc402f184a053c8e7ca325e50f04bbbc1e4fee019
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceda50562146d6c7650029a115c96ef9aaa7648c344Fixed694110bc2407a61f02a770cbb5f39b51e4ec77c6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced395e52b7a1ad01e1b51adb09854a0aa5347428deFixed544055329560d4b64fe204fc6be325ebc24c72ca
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9ad24485087e0f00d84bee7a5914640b2b9024Fixeda46a9371f8b9a0eeff53a21e11ed3b65f52d9cf6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9ad24485087e0f00d84bee7a5914640b2b9024Fixed296c8295ae34045da0214882628d49c1c060dd8a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9ad24485087e0f00d84bee7a5914640b2b9024Fixed0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3
Affected versions
v5.*
v6.*
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.15.180
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.132
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.84
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.20
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.13.8