CVE-2025-71286
Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct sof_abi_hdr)) + payload The max_size specifies the size of [2] and it is coming from topology. Change the function to take this into account and allocate adequate amount of memory behind scontrol->ipc_control_data. With the change we will allocate [1] amount more memory to be able to hold the full size of data.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-71286
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-71286.html
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.19.6-1 |
| debian | sid | fixed | 6.19.6-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 6.6.128 |
References
- https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974
- https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1
- https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736
- https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85
- https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896
- https://www.suse.com/security/cve/CVE-2025-71286.html
- https://security-tracker.debian.org/tracker/CVE-2025-71286
Verify integrity in audit chain (admin only). AS-IS.