CVE-2025-40344 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context, these two operations shall be synchronized to avoid slab-use-after-free or worse errors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/845f716dc5f354c719f6fda35048b6c2eca99331
https://git.kernel.org/stable/c/b41fca4aa60be896ba8a81b57aac5dcc6eee66c0
https://git.kernel.org/stable/c/ca6d2b7aca778afbf8c0c4b330d10cb228c14052

History

Tue, 09 Dec 2025 04:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context, these two operations shall be synchronized to avoid slab-use-after-free or worse errors.
Title		ASoC: Intel: avs: Disable periods-elapsed work when closing PCM
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/845f716dc5f354c719f6fda35048b6c2eca99331 https://git.kernel.org/stable/c/b41fca4aa60be896ba8a81b57aac5dcc6eee66c0 https://git.kernel.org/stable/c/ca6d2b7aca778afbf8c0c4b330d10cb228c14052

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-09T04:10:03.253Z

Updated: 2025-12-09T04:10:03.253Z

Reserved: 2025-04-16T07:20:57.187Z

Link: CVE-2025-40344

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-09T16:17:44.777

Modified: 2025-12-09T18:36:53.557

Link: CVE-2025-40344

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40344", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.187Z", "datePublished": "2025-12-09T04:10:03.253Z", "dateUpdated": "2025-12-09T04:10:03.253Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T04:10:03.253Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Disable periods-elapsed work when closing PCM\n\navs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio\nstream while period-elapsed work services its IRQs. As the former\nfrees the DAI's private context, these two operations shall be\nsynchronized to avoid slab-use-after-free or worse errors."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/avs/pcm.c"], "versions": [{"version": "0dbb186c3510cad4e9f443e801bf2e6ab5770c00", "lessThan": "ca6d2b7aca778afbf8c0c4b330d10cb228c14052", "status": "affected", "versionType": "git"}, {"version": "0dbb186c3510cad4e9f443e801bf2e6ab5770c00", "lessThan": "b41fca4aa60be896ba8a81b57aac5dcc6eee66c0", "status": "affected", "versionType": "git"}, {"version": "0dbb186c3510cad4e9f443e801bf2e6ab5770c00", "lessThan": "845f716dc5f354c719f6fda35048b6c2eca99331", "status": "affected", "versionType": "git"}, {"version": "31087af37d6b1586b76d4acf3e0c1634a4617ba6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/avs/pcm.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.58", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.8", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.58"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.17.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.11.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ca6d2b7aca778afbf8c0c4b330d10cb228c14052"}, {"url": "https://git.kernel.org/stable/c/b41fca4aa60be896ba8a81b57aac5dcc6eee66c0"}, {"url": "https://git.kernel.org/stable/c/845f716dc5f354c719f6fda35048b6c2eca99331"}], "title": "ASoC: Intel: avs: Disable periods-elapsed work when closing PCM", "x_generator": {"engine": "bippy-1.2.0"}}}}