Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced. The call stack leading to the error looks like this: hda_component_manager_init |-> component_match_add |-> component_match_add_release |-> __component_match_add ( ... ,**matchptr, ... ) |-> *matchptr = ERR_PTR(-ENOMEM); // assign |-> component_master_add_with_match( ... match) |-> component_match_realloc(match, match->num); // dereference Add IS_ERR() check to prevent the crash. Found by Linux Verification Center (linuxtesting.org) with SVACE.

INFO

Published Date :

2025-10-30T09:48:04.567Z

Last Modified :

2025-10-30T09:48:04.567Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40097 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40097.

URL Resource
https://git.kernel.org/stable/c/1cf11d80db5df805b538c942269e05a65bcaf5bc cve-icon cve-icon
https://git.kernel.org/stable/c/47d1b9ca923b55c3f407788f1f15b04957e0e027 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40097-7676@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40097 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40097 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact