{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-39959", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.149Z", "datePublished": "2025-10-09T09:47:36.274Z", "dateUpdated": "2025-10-09T09:47:36.274Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-09T09:47:36.274Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: Fix incorrect retrival of acp_chip_info\n\nUse dev_get_drvdata(dev->parent) instead of dev_get_platdata(dev)\nto correctly obtain acp_chip_info members in the acp I2S driver.\nPreviously, some members were not updated properly due to incorrect\ndata access, which could potentially lead to null pointer\ndereferences.\n\nThis issue was missed in the earlier commit\n(\"ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot\"),\nwhich only addressed set_tdm_slot(). This change ensures that all\nrelevant functions correctly retrieve acp_chip_info, preventing\nfurther null pointer dereference issues."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/amd/acp/acp-i2s.c"], "versions": [{"version": "e3933683b25e2cc94485da4909e3338e1a177b39", "lessThan": "65c5cfbd6d938f77a0df3c34855a4f7d8a61fd10", "status": "affected", "versionType": "git"}, {"version": "e3933683b25e2cc94485da4909e3338e1a177b39", "lessThan": "d7871f400cad1da376f1d7724209a1c49226c456", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/amd/acp/acp-i2s.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.16.9", "lessThanOrEqual": "6.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.16.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.17"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/65c5cfbd6d938f77a0df3c34855a4f7d8a61fd10"}, {"url": "https://git.kernel.org/stable/c/d7871f400cad1da376f1d7724209a1c49226c456"}], "title": "ASoC: amd: acp: Fix incorrect retrival of acp_chip_info", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8222621E-C594-44E8-995D-65FF1817EDA5", "versionEndExcluding": "6.16.9", "versionStartIncluding": "6.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*", "matchCriteriaId": "327D22EF-390B-454C-BD31-2ED23C998A1C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*", "matchCriteriaId": "C730CD9A-D969-4A8E-9522-162AAF7C0EE9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*", "matchCriteriaId": "39982C4B-716E-4B2F-8196-FA301F47807D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*", "matchCriteriaId": "340BEEA9-D70D-4290-B502-FBB1032353B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*", "matchCriteriaId": "47E4C5C0-079F-4838-971B-8C503D48FCC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*", "matchCriteriaId": "5A4516A6-C12E-42A4-8C0E-68AEF3264504", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: acp: Fix incorrect retrival of acp_chip_info\n\nUse dev_get_drvdata(dev->parent) instead of dev_get_platdata(dev)\nto correctly obtain acp_chip_info members in the acp I2S driver.\nPreviously, some members were not updated properly due to incorrect\ndata access, which could potentially lead to null pointer\ndereferences.\n\nThis issue was missed in the earlier commit\n(\"ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot\"),\nwhich only addressed set_tdm_slot(). This change ensures that all\nrelevant functions correctly retrieve acp_chip_info, preventing\nfurther null pointer dereference issues."}], "id": "CVE-2025-39959", "lastModified": "2026-02-03T15:02:47.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-09T10:15:38.507", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/65c5cfbd6d938f77a0df3c34855a4f7d8a61fd10"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d7871f400cad1da376f1d7724209a1c49226c456"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ASoC: amd: acp: Fix incorrect retrival of acp_chip_info", "id": "2402702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402702"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-39959", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-39959\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39959\nhttps://lore.kernel.org/linux-cve-announce/2025100943-CVE-2025-39959-ed09@gregkh/T"], "threat_severity": "Low"}

{"created": "2025-10-09T12:51:11.928184+00:00", "updated": "2025-10-09T12:51:11.928210+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}