CVE-2025-38662
📋 TL;DR
This CVE describes a memory corruption vulnerability in the Linux kernel's MediaTek MT8365 audio subsystem driver. An incorrect size parameter passed to a memory copy function allows out-of-bounds memory access, potentially leading to kernel crashes or arbitrary code execution. Systems using Linux kernels with the affected MediaTek audio driver are vulnerable.
💻 Affected Systems
- Linux kernel with MediaTek MT8365 audio driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to arbitrary code execution with kernel privileges, potentially resulting in full system compromise, data theft, or persistent backdoor installation.
Likely Case
Kernel panic or system crash causing denial of service, requiring physical access or reboot to restore functionality.
If Mitigated
Kernel Address Sanitizer (KASAN) detection prevents exploitation but may cause system instability or crashes.
🎯 Exploit Status
Exploitation requires local access and ability to interact with the audio subsystem driver. The KASAN detection makes exploitation more difficult but not impossible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1dc0ed16cfbc3c28a07a89904071cfa802fdcee1, 6bea85979d05470e6416a2bb504a9bcd9178304c, 6e621dd99c57db916842865debaa65f20bbd6d8e
Vendor Advisory: https://git.kernel.org/stable/c/1dc0ed16cfbc3c28a07a89904071cfa802fdcee1
Restart Required: Yes
Instructions:
1. Update to a Linux kernel version containing the fix commits.
2. Rebuild the kernel if using a custom kernel.
3. Reboot the system to load the patched kernel.
🔧 Temporary Workarounds
Disable vulnerable driver module
Prevent loading of the snd_soc_mt8365_pcm kernel module if not required
echo 'blacklist snd_soc_mt8365_pcm' >> /etc/modprobe.d/blacklist-mt8365.conf
rmmod snd_soc_mt8365_pcm
Enable kernel hardening features
Enable Kernel Address Sanitizer (KASAN) and other memory protection features
Add 'kasan' to kernel command line parameters in bootloader configuration
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable driver
- Implement strict SELinux/AppArmor policies to limit driver interaction
🔍 How to Verify
Check if Vulnerable:
Check if snd_soc_mt8365_pcm module is loaded: lsmod | grep snd_soc_mt8365_pcm
Check Version:
uname -r
Verify Fix Applied:
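Check that the kernel source includes one of the fix commits. /proc/version holds the release string and build details, not commit IDs, so run the check in the kernel git checkout the running kernel was built from: for c in 1dc0ed16cfbc3c28a07a89904071cfa802fdcee1 6bea85979d05470e6416a2bb504a9bcd9178304c 6e621dd99c57db916842865debaa65f20bbd6d8e; do git merge-base --is-ancestor "$c" HEAD 2>/dev/null && echo "fix present: $c"; done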
📡 Detection & Monitoring
Log Indicators:
- KASAN error messages in kernel logs
- BUG: KASAN: global-out-of-bounds
- Call trace showing mt8365_dai_set_priv
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
source="kernel" AND "KASAN" AND "mt8365"
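The log indicators above can be correlated per KASAN report rather than per line, because the driver symbol may appear only in the call trace of a report. This is an added example, not part of the original advisory; the sample log, its timestamps and offsets, and the example_* function names are constructed.

```sh
#!/bin/sh
# Added example: report KASAN splats whose text mentions mt8365_dai_set_priv.
# A KASAN report is closed by a line of '=' characters, so the symbol is
# correlated per report; it may appear only in the call trace.

scan_mt8365_kasan() {
    # stdin: kernel log text. stdout: "BUG: KASAN:" header of each match.
    # Exit status: 0 if any report matched, 1 otherwise.
    awk '
        function emit() {
            if (in_report && hit) { print header; found++ }
            in_report = 0; hit = 0
        }
        /BUG: KASAN:/ {
            emit()    # previous report was cut off before its closing rule
            in_report = 1
            header = substr($0, index($0, "BUG: KASAN:"))
        }
        in_report && /mt8365_dai_set_priv/ { hit = 1 }
        in_report && /==========/ { emit() }
        END { emit(); exit (found > 0 ? 0 : 1) }
    '
}

# Constructed sample log (function names other than mt8365_dai_set_priv,
# offsets and timestamps are made up for illustration).
sample_log() {
    cat <<'EOF'
[    5.000000] ==================================================================
[    5.000001] BUG: KASAN: slab-out-of-bounds in example_unrelated_fn+0x0/0x0
[    5.000002] Call trace:
[    5.000003]  example_unrelated_fn+0x0/0x0
[    5.000004] ==================================================================
[    9.000000] ==================================================================
[    9.000001] BUG: KASAN: global-out-of-bounds in example_copy_helper+0x0/0x0
[    9.000002] Call trace:
[    9.000003]  example_copy_helper+0x0/0x0
[    9.000004]  mt8365_dai_set_priv+0x0/0x0
[    9.000005] ==================================================================
EOF
}

sample_log | scan_mt8365_kasan
```

To scan a live system, pipe the kernel log into the function, for example dmesg | scan_mt8365_kasan or journalctl -k | scan_mt8365_kasan.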