CVE-2025-38438
Vulnerability Summary
Timeline
Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and can be overwritten. Memory leak was detected with kmemleak: unreferenced object 0xffff88812391ff60 (size 16): comm "kworker/4:1", pid 161, jiffies 4294802931 hex dump (first 16 bytes): 73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00 sof-hda-generic. backtrace (crc 4bf1675c): __kmalloc_node_track_caller_noprof+0x49c/0x6b0 kstrdup+0x46/0xc0 hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic] sof_init_environment+0x16f/0xb50 [snd_sof] sof_probe_continue+0x45/0x7c0 [snd_sof] sof_probe_work+0x1e/0x40 [snd_sof] process_one_work+0x894/0x14b0 worker_thread+0x5e5/0xfb0 kthread+0x39d/0x760 ret_from_fork+0x31/0x70 ret_from_fork_asm+0x1a/0x30
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.05%• Percentile: 16%
Techniques & Countermeasures
- CWE-401•Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Affected Systems
- linux•linux
≥ dd96daca6c83ecaf37f38ff49d8d174bbff576b4, < 68397fda2caa90e99a7c0bcb2cf604e42ef3b91f | ≥ dd96daca6c83ecaf37f38ff49d8d174bbff576b4, < 58ecf51af12cb32b890858b52b2c34e80590c74a | ≥ dd96daca6c83ecaf37f38ff49d8d174bbff576b4, < 6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e | 5.2
- linux•linux_kernel
≥ 5.2, < 6.12.39 | ≥ 6.13, < 6.15.7 | 6.16:rc1 | 6.16:rc2 | 6.16:rc3