CVE-2025-40097

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: hda: Fix missing pointer check in hda_component_manager_init function<br /> <br /> The __component_match_add function may assign the &amp;#39;matchptr&amp;#39; pointer<br /> the value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.<br /> <br /> The call stack leading to the error looks like this:<br /> <br /> hda_component_manager_init<br /> |-&gt; component_match_add<br /> |-&gt; component_match_add_release<br /> |-&gt; __component_match_add ( ... ,**matchptr, ... )<br /> |-&gt; *matchptr = ERR_PTR(-ENOMEM); // assign<br /> |-&gt; component_master_add_with_match( ... match)<br /> |-&gt; component_match_realloc(match, match-&gt;num); // dereference<br /> <br /> Add IS_ERR() check to prevent the crash.<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with SVACE.