CVE-2025-37941 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 20
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()
When snd_soc_dapm_new_controls() or snd_soc_dapm_add_routes() fails,
wcd937x_soc_codec_probe() returns without releasing 'wcd937x->clsh_info',
which is allocated by wcd_clsh_ctrl_alloc. Add wcd_clsh_ctrl_free()
to prevent potential memory leak.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux313e978df7fc38b9e949ac5933d0d9d56d5e8a9c — acadb2e2b3c5b9977a843a3a94fece9bdcf6aea1+4
Patches
🔴Vulnerability Details
5OSV▶
CVE-2025-37941: In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe() Wh↗2025-05-20
GHSA▶
GHSA-wgf5-7hq7-35g6: In the Linux kernel, the following vulnerability has been resolved:
ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()↗2025-05-20
📋Vendor Advisories
5Red Hat
▶
Debian▶
CVE-2025-37941: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: codec...↗2025