CVE-2025-37979

Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RXCODECDMARX0 in sc7280sndhw_params()).

Redefine LPASSMAXPORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37979.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

77d0ffef793da818741127f4905a3e3d45d05ac7

Fixed

d78888853eb53f47ae16cf3aa5d0444d0331b9f8

Fixed

a12c14577882b1f2b4cff0f86265682f16e97b0c

Fixed

c0ce01e0ff8a0d61a7b089ab309cdc12bc527c39

Fixed

b807b7c81a6d066757a94af7b8fa5b6a37e4d0b3

Fixed

a31a4934b31faea76e735bab17e63d02fcd8e029

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37979.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

6.1.136

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.88

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.25

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.14.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37979.json"