CVE-2025-40154

high

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unexpected results like OOB access.

This patch corrects the input mapping to the certain default value if an invalid value is passed.

References

https://git.kernel.org/stable/c/fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0

https://git.kernel.org/stable/c/f58fca15f3bf8b982e799c31e4afa8923788aa40

https://git.kernel.org/stable/c/dea9c8c9028c9374761224a7f9d824e845a2aa2e

https://git.kernel.org/stable/c/a97b4d18ecb012c5624cdf2cab2ce5e1312fdd5d

https://git.kernel.org/stable/c/5c03ea2ef4ebba75c69c90929d8590eb3d3797a9

https://git.kernel.org/stable/c/48880f3cdf2b6d8dcd91219c5b5c8a7526411322

https://git.kernel.org/stable/c/2c27e047bdcba457ec953f7e90e4ed6d5f8aeb01

https://git.kernel.org/stable/c/29a41bf6422688f0c5a09b18222e1a64b2629fa4

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00024