{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ASoC: Intel: avs: Do not share the name pointer between components",
    "id" : "2420423",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2420423"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
    "status" : "draft"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nASoC: Intel: avs: Do not share the name pointer between components\nBy sharing 'name' directly, tearing down components may lead to\nuse-after-free errors. Duplicate the name to avoid that.\nAt the same time, update the order of operations - since commit\ncee28113db17 (\"ASoC: dmaengine_pcm: Allow passing component name via\nconfig\") the framework does not override component->name if set before\ninvoking the initializer.", "A use-after-free flaw was found in the Linux kernel's Intel Audio Voice Speech (AVS) driver in the ASoC subsystem. When multiple audio components share the same name pointer directly, tearing down one component frees the memory while other components still reference it. Subsequent access to the freed name pointer leads to use-after-free, potentially causing system crashes, memory corruption, or privilege escalation." ],
  "statement" : "This vulnerability affects systems with Intel audio hardware using the AVS driver. Exploitation requires local access and typically occurs during audio device initialization or teardown operations. The race condition makes exploitation timing-dependent.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40338\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40338\nhttps://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40338-c637@gregkh/T" ],
  "name" : "CVE-2025-40338",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the snd_soc_avs module from being loaded if Intel AVS audio functionality is not required. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module.",
    "lang" : "en:us"
  },
  "csaw" : false
}