CVE-2025-40097

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40097
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40097.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-40097
Downstream
Published
2025-10-30T09:48:04Z
Modified
2025-10-30T20:46:57.012492Z
Summary
ALSA: hda: Fix missing pointer check in hda_component_manager_init function
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix missing pointer check in hdacomponentmanager_init function

The _componentmatchadd function may assign the 'matchptr' pointer the value ERRPTR(-ENOMEM), which will subsequently be dereferenced.

The call stack leading to the error looks like this:

hdacomponentmanagerinit |-> componentmatchadd |-> componentmatchaddrelease |-> _componentmatchadd ( ... ,**matchptr, ... ) |-> *matchptr = ERRPTR(-ENOMEM); // assign |-> componentmasteraddwithmatch( ... match) |-> componentmatchrealloc(match, match->num); // dereference

Add IS_ERR() check to prevent the crash.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ae7abe36e352eddf8e30d3b1ea3fb402514ba13b
Fixed
47d1b9ca923b55c3f407788f1f15b04957e0e027
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ae7abe36e352eddf8e30d3b1ea3fb402514ba13b
Fixed
1cf11d80db5df805b538c942269e05a65bcaf5bc

Affected versions

v5.*

v5.16
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.17.3
v6.17.4
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47d1b9ca923b55c3f407788f1f15b04957e0e027",
        "target": {
            "file": "sound/hda/codecs/side-codecs/hda_component.c"
        },
        "deprecated": false,
        "id": "CVE-2025-40097-0a1e1c6b",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "167488068471323242805669051465009959834",
                "259790707703024672211236927621320654438",
                "93613294606850328055983426153091711658",
                "289232494601287234776829703261789888184"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@47d1b9ca923b55c3f407788f1f15b04957e0e027",
        "target": {
            "function": "hda_component_manager_init",
            "file": "sound/hda/codecs/side-codecs/hda_component.c"
        },
        "deprecated": false,
        "id": "CVE-2025-40097-7bcd4a14",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 863.0,
            "function_hash": "67451014674548037285915478145192458254"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cf11d80db5df805b538c942269e05a65bcaf5bc",
        "target": {
            "function": "hda_component_manager_init",
            "file": "sound/hda/codecs/side-codecs/hda_component.c"
        },
        "deprecated": false,
        "id": "CVE-2025-40097-abe984e1",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "length": 863.0,
            "function_hash": "67451014674548037285915478145192458254"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1cf11d80db5df805b538c942269e05a65bcaf5bc",
        "target": {
            "file": "sound/hda/codecs/side-codecs/hda_component.c"
        },
        "deprecated": false,
        "id": "CVE-2025-40097-ecfc87d1",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "167488068471323242805669051465009959834",
                "259790707703024672211236927621320654438",
                "93613294606850328055983426153091711658",
                "289232494601287234776829703261789888184"
            ]
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.17.5