Skip to main content

Linux Kernel EUVDEUVD-2025-209677

| CVE-2025-71286 MEDIUM
2026-05-06 Linux GHSA-wjfp-2w53-2rcg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 00:00 vuln.today
CVSS changed
May 12, 2026 - 21:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:02 EUVD
CVE Published
May 06, 2026 - 11:32 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct sof_abi_hdr)) + payload

The max_size specifies the size of [2] and it is coming from topology.

Change the function to take this into account and allocate adequate amount of memory behind scontrol->ipc_control_data.

With the change we will allocate [1] amount more memory to be able to hold the full size of data.

AnalysisAI

Memory allocation underflow in the Linux kernel ASoC SOF (Sound Open Firmware) ipc4-topology module allows local authenticated users to trigger a denial of service via bytes control handling that fails to account for the full data structure size. The vulnerability affects kernel versions prior to specific stable releases (6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0) where the allocation size calculation omits the sof_ipc4_control_data structure, potentially causing memory exhaustion or kernel crash when processing audio topology configuration.

Technical ContextAI

The vulnerability exists in the ASoC (ALSA System on Chip) SOF ipc4-topology kernel subsystem, which handles audio topology configuration through the IPC4 (Inter-Process Communication version 4) protocol. The audio control data structure requires two components: the kernel-only sof_ipc4_control_data structure (component 1) and the sof_abi_hdr plus payload (component 2, whose size is specified by max_size from topology). The bug occurs because memory allocation for scontrol->ipc_control_data only accounts for component 2, omitting component 1, resulting in an undersized buffer allocation. When bytes controls are processed, the kernel writes beyond allocated memory boundaries, leading to heap corruption or denial of service. This affects systems with SOF audio firmware enabled, particularly those using Intel DSP-based audio controllers or ARM ADSP configurations that depend on topology-driven audio initialization.

RemediationAI

Apply stable kernel updates: Linux 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0 or later (patch commit 59fe643f21b9d59bcbedb0dfbf988ee455c23736 and related backports). For systems unable to update immediately, disable SOF audio in kernel configuration (rebuild kernel with CONFIG_SND_SOC_SOF=n) or restrict audio subsystem access to privileged users only, though this trades functionality for risk reduction. Verify patch application by checking kernel version and confirming SOF ipc4-topology code reflects the allocation size correction that accounts for both sof_ipc4_control_data and sof_abi_hdr structures. Reference stable kernel releases at https://git.kernel.org/stable/.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2025-209677 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy