{"id":"CVE-2025-37979","summary":"ASoC: qcom: Fix sc7280 lpass potential buffer overflow","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix sc7280 lpass potential buffer overflow\n\nCase values introduced in commit\n5f78e1fb7a3e (\"ASoC: qcom: Add driver support for audioreach solution\")\ncause out of bounds access in arrays of sc7280 driver data (e.g. in case\nof RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()).\n\nRedefine LPASS_MAX_PORTS to consider the maximum possible port id for\nq6dsp as sc7280 driver utilizes some of those values.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.","modified":"2026-04-02T12:47:42.974271Z","published":"2025-05-20T16:58:22.103Z","related":["SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:02254-1","SUSE-SU-2025:02307-1","SUSE-SU-2025:02333-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37979.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/a12c14577882b1f2b4cff0f86265682f16e97b0c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a31a4934b31faea76e735bab17e63d02fcd8e029"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b807b7c81a6d066757a94af7b8fa5b6a37e4d0b3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c0ce01e0ff8a0d61a7b089ab309cdc12bc527c39"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d78888853eb53f47ae16cf3aa5d0444d0331b9f8"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37979.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37979"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"77d0ffef793da818741127f4905a3e3d45d05ac7"},{"fixed":"d78888853eb53f47ae16cf3aa5d0444d0331b9f8"},{"fixed":"a12c14577882b1f2b4cff0f86265682f16e97b0c"},{"fixed":"c0ce01e0ff8a0d61a7b089ab309cdc12bc527c39"},{"fixed":"b807b7c81a6d066757a94af7b8fa5b6a37e4d0b3"},{"fixed":"a31a4934b31faea76e735bab17e63d02fcd8e029"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37979.json"}}],"schema_version":"1.7.5"}