CVE-2025-37889— ASoC: ops: Consistently treat platform_max as control value
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-37889
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ASoC: ops: Consistently treat platform_max as control value
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max. Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未正确处理platform_max控制值,可能导致音量限制错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-37889
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-37889
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-05-09 · 52 CVEs total
| CVE-2025-37873 | eth: bnxt: fix missing ring index trim on error path | |
| CVE-2025-37888 | net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() | |
| CVE-2025-37887 | pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result | |
| CVE-2025-37882 | usb: xhci: Fix isochronous Ring Underrun/Overrun event handling | |
| CVE-2025-37885 | KVM: x86: Reset IRTE to host control if *new* route isn't postable | |
| CVE-2025-37884 | bpf: Fix deadlock between rcu_tasks_trace and event_mutex. | |
| CVE-2025-37883 | s390/sclp: Add check for get_zeroed_page() | |
| CVE-2025-37886 | pds_core: make wait_context part of q_info | |
| CVE-2025-37875 | igc: fix PTM cycle trigger logic | |
| CVE-2025-37874 | net: ngbe: fix memory leak in ngbe_probe() error path | |
| CVE-2025-37876 | netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS | |
| CVE-2025-37872 | net: txgbe: fix memory leak in txgbe_probe() error path | |
| CVE-2025-37871 | nfsd: decrease sc_count directly if fail to queue dl_recall | |
| CVE-2025-37870 | drm/amd/display: prevent hang on link training fail | |
| CVE-2025-37869 | drm/xe: Use local fence in error path of xe_migrate_clear | |
| CVE-2025-37868 | drm/xe/userptr: fix notifier vs folio deadlock | |
| CVE-2025-37867 | RDMA/core: Silence oversized kvmalloc() warning | |
| CVE-2025-37866 | mlxbf-bootctl: use sysfs_emit_at() in secure_boot_fuse_state_show() | |
| CVE-2025-37865 | net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported | |
| CVE-2025-37864 | net: dsa: clean up FDB, MDB, VLAN entries on unbind |
Showing top 20 of 52 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2025-37889
No comments yet