VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 16, 2025· Updated Apr 15, 2026

CVE-2025-68205

CVE-2025-68205

Description

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver

After restructuring and splitting the HDMI codec driver code, each HDMI codec driver contains the own build_controls and build_pcms ops. A copy-n-paste error put the wrong entries for nvhdmi-mcp driver; both build_controls and build_pcms are swapped. Unfortunately both callbacks have the very same form, and the compiler didn't complain it, either. This resulted in a NULL dereference because the PCM instance hasn't been initialized at calling the build_controls callback.

Fix it by passing the proper entries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A copy-paste error in the Linux kernel's ALSA HDMI driver causes a NULL dereference during probing of the nvhdmi-mcp driver.

Root

Cause

A copy-paste error in the Linux kernel's ALSA HDMI codec driver restructuring led to swapped build_controls and build_pcms function pointers in the nvhdmi-mcp driver. Both callbacks have identical signatures, so the compiler did not detect the mismatch. This results in a NULL dereference when build_controls is called before the PCM instance is initialized [1].

Exploitation

An attacker would need to trigger the probing of the nvhdmi-mcp driver, which occurs during normal system boot or when an HDMI audio device is connected. No special privileges are required beyond local access to the system. The vulnerability manifests as a kernel crash (NULL pointer dereference) during driver initialization [1].

Impact

Successful exploitation leads to a denial of service (system crash) due to the NULL dereference. There is no indication of memory corruption or privilege escalation from the available information [1].

Mitigation

The fix is included in the Linux kernel stable tree as commit 82420bd4e17bdaba8453fbf9e10c58c9ed0c9727. Users should apply the latest stable kernel updates to resolve the issue [1].

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Linux/Kernelinferred2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.