Linux Kernel ASoC SOF: ipc4-topology Bytes Control Allocation Size CVE
CVE-2025-71286 Published on May 6, 2026
ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
The size of the data behind of scontrol->ipc_control_data for bytes
controls is:
[1] sizeof(struct sof_ipc4_control_data) + // kernel only struct
[2] sizeof(struct sof_abi_hdr)) + payload
The max_size specifies the size of [2] and it is coming from topology.
Change the function to take this into account and allocate adequate amount
of memory behind scontrol->ipc_control_data.
With the change we will allocate [1] amount more memory to be able to hold
the full size of data.
Products Associated with CVE-2025-71286
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version a382082ff74b036944cbc5b6ad29b65f633acd3a and below 59fe643f21b9d59bcbedb0dfbf988ee455c23736 is affected.
- Version a382082ff74b036944cbc5b6ad29b65f633acd3a and below 491956b45b5f4933632ea6d8a8bdfdf045ab81e1 is affected.
- Version a382082ff74b036944cbc5b6ad29b65f633acd3a and below a704a1a4394b5877b9adc31b2c3165ad0b541896 is affected.
- Version a382082ff74b036944cbc5b6ad29b65f633acd3a and below 1237cd9ff198cb882402572f29569e5247190974 is affected.
- Version a382082ff74b036944cbc5b6ad29b65f633acd3a and below a653820700b81c9e6f05ac23b7969ecec1a18e85 is affected.
- Version 6.4 is affected.
- Before 6.4 is unaffected.
- Version 6.6.128, <= 6.6.* is unaffected.
- Version 6.12.75, <= 6.12.* is unaffected.
- Version 6.18.16, <= 6.18.* is unaffected.
- Version 6.19.6, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.