CVE-2025-40338

Published: Dec 9, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of operations - since commit cee28113db17 ("ASoC: dmaengine_pcm: Allow passing component name via config") the framework does not override component->name if set before invoking the initializer.

Vendor	Product	Versions
Linux	Linux	affected `f1b3b320bd6519b16e3480f74f2926d106e3bcba - < 128bf29c992988f8b4f3829227339908fde5ec86` affected `f1b3b320bd6519b16e3480f74f2926d106e3bcba - < 4dee5c1cc439b0d5ef87f741518268ad6a95b23d`
Linux	Linux	affected `5.19` unaffected `0 - < 5.19` unaffected `6.17.8 - <= 6.17.` unaffected `6.18 - <= `

References

https://git.kernel.org/stable/c/128bf29c992988f8b4f3829227339908fde5ec86

https://git.kernel.org/stable/c/4dee5c1cc439b0d5ef87f741518268ad6a95b23d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40338

Description

Affected Products

References