Bug 2383490 (CVE-2025-38438) - CVE-2025-38438 kernel: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
Summary: CVE-2025-38438 kernel: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid mem...
Keywords:
Status: NEW
Alias: CVE-2025-38438
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-07-25 16:02 UTC by OSIDB Bzimport
Modified: 2025-07-27 14:54 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-07-25 16:02:17 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.

sof_pdata->tplg_filename can have address allocated by kstrdup()
and can be overwritten. Memory leak was detected with kmemleak:

unreferenced object 0xffff88812391ff60 (size 16):
  comm "kworker/4:1", pid 161, jiffies 4294802931
  hex dump (first 16 bytes):
    73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00  sof-hda-generic.
  backtrace (crc 4bf1675c):
    __kmalloc_node_track_caller_noprof+0x49c/0x6b0
    kstrdup+0x46/0xc0
    hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]
    sof_init_environment+0x16f/0xb50 [snd_sof]
    sof_probe_continue+0x45/0x7c0 [snd_sof]
    sof_probe_work+0x1e/0x40 [snd_sof]
    process_one_work+0x894/0x14b0
    worker_thread+0x5e5/0xfb0
    kthread+0x39d/0x760
    ret_from_fork+0x31/0x70
    ret_from_fork_asm+0x1a/0x30
Comment 1 Jon Moroney 2025-07-25 17:23:57 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38438-f653@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.