CVE-2025-68345

Vulnerability

Description

In the Linux kernel ALSA HDA driver for the Cirrus Logic cs35l41 amplifier, the function cs35l41_hda_read_acpi() can trigger a NULL pointer dereference. The issue arises because acpi_get_first_physical_node() may return NULL, and the subsequent get_device() call also returns NULL without a check. This unchecked NULL pointer is then dereferenced, leading to a kernel crash [1][2].

Exploitation

Path

The vulnerability is triggered during ACPI table parsing when the system boots or when the cs35l41 driver probes a device that lacks a valid physical node. An attacker would need to have local access or the ability to influence ACPI tables to cause the driver to encounter a device without a physical node. No authentication is required beyond local system access, as the driver runs in kernel context [1][2].

Impact

Successful exploitation results in a denial of service (system crash) due to a NULL pointer dereference. There is no indication of privilege escalation or data leakage; the impact is limited to availability [1][2].

Mitigation

The fix adds a NULL check before dereferencing the pointer returned by acpi_get_first_physical_node(), preventing the crash. The patch has been applied to the stable kernel tree and is available in commits referenced in the advisory [1][2]. Users should update to a kernel version containing the fix.