CVE-2025-39765: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 97.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: timer: fix ida_free call while not allocated

In the snd_utimer_create() function, if the kasprintf() function returns NULL, snd_utimer_put_id() will be called, finally using ida_free() to free the unallocated id 0.

The syzkaller reported the following information:

------------[ cut here ]------------
ida_free called for id=0 which is not allocated.
WARNING: CPU: 1 PID: 1286 at lib/idr.c:592 ida_free+0x1fd/0x2f0 lib/idr.c:5

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD  linux/linux_kernel  6.12  6.12.44  +2
Debian  linux/linux_kernel  < 6.12.48-1  +1
CVEListV5  linux/linux  37745918e0e7575bc40f38da93a99b9fa6406224  34327b362ce2849a5eb02f47e800049e7a20a0ba  +3
debian  debian/linux  < linux 6.16.5-1 (forky)

Vulnerability Details (2)

OSV, 2025-09-11
CVE-2025-39765: In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: fix ida_free call while not allocated In the snd_utimer_create() func

GHSA, 2025-09-11
GHSA-3rvm-cw98-w4rx: In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: fix ida_free call while not allocated In the snd_utimer_create() fu

Vendor Advisories (2)

Red Hat, 2025-09-11
kernel: ALSA: timer: fix ida_free call while not allocated

Debian, 2025
CVE-2025-39765: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: timer...