CVE-2025-40013 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3
https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18
https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106
https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734
https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b
https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983

History

Mon, 20 Oct 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it.
Title		ASoC: qcom: audioreach: fix potential null pointer dereference
References		https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3 https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18 https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106 https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734 https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-20T15:29:09.076Z

Updated: 2025-10-20T15:29:09.076Z

Reserved: 2025-04-16T07:20:57.151Z

Link: CVE-2025-40013

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-20T16:15:38.057

Modified: 2025-10-20T16:15:38.057

Link: CVE-2025-40013

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-40013", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.151Z", "datePublished": "2025-10-20T15:29:09.076Z", "dateUpdated": "2025-10-20T15:29:09.076Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-20T15:29:09.076Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/qdsp6/topology.c"], "versions": [{"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "9c1ad4192f3d2fc85339718a6252cb3337848f7b", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "70e1e5fe9f7e05ff831b56ebc02543e7811b8e18", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "4dda55d04caac3b4102c26e29b1c27fa35636be3", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "8f9c9fafc0e7a73bbff58954d171c016ddee1734", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "ef08ce6304d30b5778035d07b04514cb70839983", "status": "affected", "versionType": "git"}, {"version": "36ad9bf1d93d66b901342eab9f8ed6c1537655a6", "lessThan": "8318e04ab2526b155773313b66a1542476ce1106", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/qcom/qdsp6/topology.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.156", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.110", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.51", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.11", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.1", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.156"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.110"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.12.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.16.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.17.1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.18-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9c1ad4192f3d2fc85339718a6252cb3337848f7b"}, {"url": "https://git.kernel.org/stable/c/70e1e5fe9f7e05ff831b56ebc02543e7811b8e18"}, {"url": "https://git.kernel.org/stable/c/4dda55d04caac3b4102c26e29b1c27fa35636be3"}, {"url": "https://git.kernel.org/stable/c/8f9c9fafc0e7a73bbff58954d171c016ddee1734"}, {"url": "https://git.kernel.org/stable/c/ef08ce6304d30b5778035d07b04514cb70839983"}, {"url": "https://git.kernel.org/stable/c/8318e04ab2526b155773313b66a1542476ce1106"}], "title": "ASoC: qcom: audioreach: fix potential null pointer dereference", "x_generator": {"engine": "bippy-1.2.0"}}}}