Main Vulnerability Database SB2025071118

SB2025071118 - NULL pointer dereference in Linux kernel intel avs

Published: July 11, 2025

Security Bulletin ID SB2025071118

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-38308)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the avs_period_elapsed() and avs_hw_constraints_init() functions in sound/soc/intel/avs/pcm.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/2f78724d4f0c665c83e202e3989d5333a2cb1036
https://git.kernel.org/stable/c/ea218ae05e60616531fe652650b98dcd3c328279