{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-40121", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T07:20:57.169Z", "datePublished": "2025-11-12T10:23:19.000Z", "dateUpdated": "2025-11-12T10:23:19.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-11-12T10:23:19.000Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\n\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver just ignores and leaves as is, which may lead to\nunepxected results like OOB access.\n\nThis patch adds the sanity check and corrects the input mapping to the\ncertain default value if an invalid value is passed."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/boards/bytcr_rt5651.c"], "versions": [{"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "bff827b0d507e52b23efab9f67c232a4f037ab2c", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "64a36a7032082b4c330ce081acb6efb99246020e", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "95e29db33b5f73218ae08ebb48c61c9a8d28e2ff", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "2204e582b4eea872e1e7a5c90edcb84b928c68b0", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "f197894de2f4ef46c7d53827d9df294b75c35e13", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "fdf99978a6480e14405212472b6c747e0fa43bed", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "c60f269c123210a6846d6d1367de0eaa402c10b0", "status": "affected", "versionType": "git"}, {"version": "64484ccee7af53f08cca2ee3853cb8e18914d8b2", "lessThan": "4336efb59ef364e691ef829a73d9dbd4d5ed7c7b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/intel/boards/bytcr_rt5651.c"], "versions": [{"version": "4.18", "status": "affected"}, {"version": "0", "lessThan": "4.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.301", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.246", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.195", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.156", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.112", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.53", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.17.3", "lessThanOrEqual": "6.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.4.301"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.10.246"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "5.15.195"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.1.156"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.6.112"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.12.53"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.17.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.18", "versionEndExcluding": "6.18-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bff827b0d507e52b23efab9f67c232a4f037ab2c"}, {"url": "https://git.kernel.org/stable/c/64a36a7032082b4c330ce081acb6efb99246020e"}, {"url": "https://git.kernel.org/stable/c/95e29db33b5f73218ae08ebb48c61c9a8d28e2ff"}, {"url": "https://git.kernel.org/stable/c/2204e582b4eea872e1e7a5c90edcb84b928c68b0"}, {"url": "https://git.kernel.org/stable/c/f197894de2f4ef46c7d53827d9df294b75c35e13"}, {"url": "https://git.kernel.org/stable/c/fdf99978a6480e14405212472b6c747e0fa43bed"}, {"url": "https://git.kernel.org/stable/c/c60f269c123210a6846d6d1367de0eaa402c10b0"}, {"url": "https://git.kernel.org/stable/c/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b"}], "title": "ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\n\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver just ignores and leaves as is, which may lead to\nunepxected results like OOB access.\n\nThis patch adds the sanity check and corrects the input mapping to the\ncertain default value if an invalid value is passed."}], "id": "CVE-2025-40121", "lastModified": "2025-11-12T16:19:12.850", "metrics": {}, "published": "2025-11-12T11:15:41.553", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2204e582b4eea872e1e7a5c90edcb84b928c68b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/64a36a7032082b4c330ce081acb6efb99246020e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95e29db33b5f73218ae08ebb48c61c9a8d28e2ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bff827b0d507e52b23efab9f67c232a4f037ab2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c60f269c123210a6846d6d1367de0eaa402c10b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f197894de2f4ef46c7d53827d9df294b75c35e13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fdf99978a6480e14405212472b6c747e0fa43bed"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping", "id": "2414481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414481"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver just ignores and leaves as is, which may lead to\nunepxected results like OOB access.\nThis patch adds the sanity check and corrects the input mapping to the\ncertain default value if an invalid value is passed."], "name": "CVE-2025-40121", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-40121\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40121\nhttps://lore.kernel.org/linux-cve-announce/2025111252-CVE-2025-40121-c2ef@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2025-11-12T22:12:28.013771+00:00", "updated": "2025-11-12T22:12:28.013803+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}