CVE-2025-38307

Опубликовано: 10 июл. 2025

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify content returned by parse_int_array() The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 ends with null-ptr-deref.

Отчет

In the Intel ASoC avs debugfs interface, the trace_control_write() handler fails to validate the parsed input array from parse_int_array(). If the array length is 0, accessing array[1] results in a NULL pointer dereference, potentially leading to a kernel panic. This issue is limited to systems with debugfs enabled and accessible, typically requiring root privileges.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-129

https://bugzilla.redhat.com/show_bug.cgi?id=2379202kernel: ASoC: Intel: avs: Verify content returned by parse_int_array()

EPSS

Процентиль: 6%

0.00026

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2025-38307

ubuntu

4 месяца назад

CVE-2025-38307

nvd

4 месяца назад

CVE-2025-38307

CVSS3: 5.5

msrc

3 месяца назад

ASoC: Intel: avs: Verify content returned by parse_int_array()

CVE-2025-38307

debian

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: A ...

GHSA-v6x9-7pmq-vrf2

github

4 месяца назад

EPSS

Процентиль: 6%

0.00026

Низкий

4.4 Medium

CVSS3