Unrated severity · NVD Advisory · Published Oct 20, 2025 · Updated Apr 15, 2026

CVE-2025-40013

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: audioreach: fix potential null pointer dereference

It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL check so that we do not dereference it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing NULL check in the Linux kernel's ASoC audioreach driver can lead to a null pointer dereference when parsing a crafted audio topology.

Vulnerability

Description

In the Linux kernel's ASoC Qualcomm audioreach driver, the function audioreach_widget_load_module_common() may return NULL or an error pointer when parsing a topology. However, the calling code did not validate the return value before dereferencing it. This missing NULL check creates a potential null pointer dereference vulnerability [1].

Exploitation

Prerequisites

An attacker would need to supply a specially crafted audio topology to the kernel's sound subsystem. This likely requires local access or the ability to load a custom topology through ALSA controls, though no specific authentication barrier is mentioned in the disclosure. The flaw resides in kernel code that processes topology data, making it reachable during normal audio configuration.

Impact

If triggered, the null pointer dereference causes a kernel crash (oops/panic), leading to a denial of service. The description does not indicate that the vulnerability enables privilege escalation or arbitrary code execution.

Mitigation

The fix adds a missing NULL check and was applied in the mainline kernel via commit [1]. It has also been backported to multiple stable kernel branches, as seen in commits [2], [3], and [4]. Users should apply the latest stable kernel updates containing these patches.
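The kind of check described above, shown in a userspace C model of the kernel's error-pointer convention. This is an added illustration, not the kernel patch or the audioreach driver's code: `load_module_common()`, `widget_load()`, `struct module_info` and the `BLOB_*` inputs are hypothetical, and the `ERR_PTR`/`IS_ERR` helpers are simplified re-implementations of those in `linux/err.h`.

```c
/* Userspace model of the kernel error-pointer convention (linux/err.h).
 * Constructed for illustration; NOT the audioreach driver source. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static inline int IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

struct module_info { int instance_id; };            /* hypothetical type */
enum blob_kind { BLOB_OK, BLOB_UNKNOWN, BLOB_BAD }; /* constructed inputs */

/* Hypothetical loader with the three outcomes the advisory describes:
 * a valid object, NULL, or an error pointer. */
static struct module_info *load_module_common(enum blob_kind kind)
{
    static struct module_info mod = { .instance_id = 0x2001 };
    switch (kind) {
    case BLOB_OK:      return &mod;
    case BLOB_UNKNOWN: return NULL;
    default:           return ERR_PTR(-EINVAL);
    }
}

/* A bare `if (!mod)` test: does it reject this result? */
static int null_test_rejects(enum blob_kind kind)
{ return load_module_common(kind) == NULL; }

/* Checked caller: validate before the first dereference. Mapping NULL
 * to -ENODEV is this example's choice. */
static int widget_load(enum blob_kind kind, int *id_out)
{
    struct module_info *mod = load_module_common(kind);
    if (IS_ERR_OR_NULL(mod))
        return mod ? (int)PTR_ERR(mod) : -ENODEV;
    *id_out = mod->instance_id;
    return 0;
}

int main(void)
{
    int id = 0;
    printf("ok=%d null=%d errptr=%d\n", widget_load(BLOB_OK, &id),
           widget_load(BLOB_UNKNOWN, &id), widget_load(BLOB_BAD, &id));
    return 0;
}
```

An error pointer is non-NULL, so `null_test_rejects(BLOB_BAD)` returns 0: when a callee can return either value, the caller has to test for both before the first dereference.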

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

Patches: 6

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
