CVE-2025-40338
- Source
- https://cve.org/CVERecord?id=CVE-2025-40338
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40338.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40338
- Downstream
- Related
- Published
- 2025-12-09T04:09:54.753Z
- Modified
- 2026-03-12T02:16:55.080610Z
- Summary
- ASoC: Intel: avs: Do not share the name pointer between components
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: avs: Do not share the name pointer between components
By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that.
At the same time, update the order of operations - since commit cee28113db17 ("ASoC: dmaengine_pcm: Allow passing component name via config") the framework does not override component->name if set before invoking the initializer.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40338.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/128bf29c992988f8b4f3829227339908fde5ec86
- https://git.kernel.org/stable/c/4dee5c1cc439b0d5ef87f741518268ad6a95b23d
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40338.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40338