Acknowledged
Created: Sep 4, 2025
Updated: Sep 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()[EOL][EOL]snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will[EOL]leads to null pointer dereference.[EOL]This was reproduced with topology loading and marking a link as ignore[EOL]due to missing hardware component on the system.[EOL]On module removal the soc_tplg_remove_link() would call[EOL]snd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,[EOL]no runtime was created.
CREATE(Triage):(User=admin) [CVE-2025-38706 (https://nvd.nist.gov/vuln/detail/CVE-2025-38706)
