CVE-2025-40097Linux vulnerability

16 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedOct 30
Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced. The call stack leading to the error looks like this: hda_component_manager_init |-> component_match_add |-> component_match_add_release |-> __component_match_add ( ... ,**matchptr, ... ) |-> *matchptr = ERR_PTR(-EN

Affected Packages6 packages

Linuxlinux/linux_kernel5.17.06.12.59+1
Debianlinux/linux_kernel< 6.12.63-1+1
Ubuntulinux/linux_kernel< 6.17.0-14.14
CVEListV5linux/linuxae7abe36e352eddf8e30d3b1ea3fb402514ba13b218a8504e62fc2c8a1fd12523346b7a2b9bd2474+3

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24
Ubuntu
Linux kernel (OEM) vulnerabilities2026-02-17
Ubuntu
Linux kernel (GCP) vulnerabilities2026-02-12
Ubuntu
Linux kernel vulnerabilities2026-02-12
Red Hat
kernel: ALSA: hda: Fix missing pointer check in hda_component_manager_init function2025-10-30