| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111258-CVE-2025-40154-fd98@gregkh> Date: Wed, 12 Nov 2025 19:24:30 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed. The Linux kernel CVE team has assigned CVE-2025-40154 to this issue. Affected and fixed versions =========================== Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 5.4.301 with commit 2c27e047bdcba457ec953f7e90e4ed6d5f8aeb01 Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 5.10.246 with commit a97b4d18ecb012c5624cdf2cab2ce5e1312fdd5d Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 5.15.195 with commit dea9c8c9028c9374761224a7f9d824e845a2aa2e Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 6.1.156 with commit f58fca15f3bf8b982e799c31e4afa8923788aa40 Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 6.6.112 with commit 29a41bf6422688f0c5a09b18222e1a64b2629fa4 Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 6.12.53 with commit 5c03ea2ef4ebba75c69c90929d8590eb3d3797a9 Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 6.17.3 with commit 48880f3cdf2b6d8dcd91219c5b5c8a7526411322 Issue introduced in 4.18 with commit 063422ca2a9de238401c3848c1b3641c07b6316c and fixed in 6.18-rc1 with commit fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40154 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/soc/intel/boards/bytcr_rt5640.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2c27e047bdcba457ec953f7e90e4ed6d5f8aeb01 https://git.kernel.org/stable/c/a97b4d18ecb012c5624cdf2cab2ce5e1312fdd5d https://git.kernel.org/stable/c/dea9c8c9028c9374761224a7f9d824e845a2aa2e https://git.kernel.org/stable/c/f58fca15f3bf8b982e799c31e4afa8923788aa40 https://git.kernel.org/stable/c/29a41bf6422688f0c5a09b18222e1a64b2629fa4 https://git.kernel.org/stable/c/5c03ea2ef4ebba75c69c90929d8590eb3d3797a9 https://git.kernel.org/stable/c/48880f3cdf2b6d8dcd91219c5b5c8a7526411322 https://git.kernel.org/stable/c/fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0
Powered by blists - more mailing lists