CVE-2025-37793: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-37793 was discovered in the Linux kernel's ASoC (ALSA System on Chip) Intel AVS component. The vulnerability was disclosed on May 1, 2025, affecting the avscomponentprobe() function in the Intel AVS (Audio, Voice, and Speech) driver component (NVD, Wiz).

The vulnerability stems from a failure to check for NULL pointer returns from devmkasprintf() when memory allocation fails in the avscomponent_probe() function. This oversight can lead to a NULL pointer dereference in the code execution path. The vulnerability has been assigned a CVSS v3 Base Score of 5.5 by Red Hat, indicating moderate severity (Red Hat).

The exploitation of this vulnerability could result in a NULL pointer dereference, which typically leads to a kernel crash or denial of service condition on systems utilizing the Intel AVS audio driver component (Wiz).

The vulnerability has been fixed in various Linux kernel versions. Debian has addressed the issue in version 6.12.25-1 for the sid release. Red Hat Enterprise Linux 9 has deferred the fix for both kernel and kernel-rt packages. Users are advised to update their kernel to the latest available version that includes the fix (Debian Tracker, Red Hat).