CVE-2025-71192 in Linux
Summary
by MITRE • 02/04/2026
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ac97: fix a double free in snd_ac97_controller_register()
If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_adapter_release() to do the cleanup.
Found by code review.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/30/2026
The vulnerability identified as CVE-2025-71192 represents a critical double free condition within the Linux kernel's Advanced Linux Sound Architecture implementation specifically affecting the AC97 audio subsystem. This flaw exists in the snd_ac97_controller_register() function where improper memory management leads to potential system instability and arbitrary code execution. The issue stems from incorrect handling of device reference counting and memory deallocation during the audio controller registration process. When ac97_add_adapter() function fails during the audio device initialization sequence, the kernel attempts to release resources incorrectly by invoking kfree() on memory that has already been freed through put_device() calls, creating a dangerous double free scenario that can be exploited by malicious actors.
The technical root cause of this vulnerability lies in the improper resource management within the ALSA subsystem's AC97 controller registration logic. According to CWE-415, this represents an improper deallocation vulnerability where the kernel attempts to free the same memory block twice. The flaw occurs when the idr_alloc() function fails during adapter registration, but the code path does not properly handle the cleanup sequence. The kernel's audio subsystem uses the put_device() function to properly decrement device reference counts and release associated resources, but the code incorrectly attempts to apply kfree() operations on memory that has already been freed through the proper device release mechanism. This creates a scenario where memory corruption can occur, potentially allowing attackers to manipulate the kernel's memory management subsystem.
The operational impact of this vulnerability extends beyond simple system instability to potentially enable privilege escalation and arbitrary code execution within the kernel space. Attackers who can trigger the specific code path involving failed ac97_add_adapter() calls could exploit the double free condition to corrupt kernel memory structures, leading to system crashes or more severe exploitation opportunities. The vulnerability affects systems running Linux kernels that implement the ALSA subsystem with AC97 audio support, particularly those with audio hardware that relies on the legacy AC97 specification. According to ATT&CK framework technique T1068, this vulnerability could be leveraged for privilege escalation, as successful exploitation would allow attackers to execute code with kernel-level privileges. The timing of the vulnerability is particularly concerning as it occurs during system initialization or audio device enumeration, making it possible to trigger through normal system operation or malicious device enumeration.
Mitigation strategies for CVE-2025-71192 should focus on immediate kernel updates from trusted sources to address the specific double free condition in the ALSA subsystem. System administrators should prioritize patching affected kernels and verify that the fix properly handles both the idr_alloc() failure case and the ac97_adapter_release() cleanup functions. The patch implementation must ensure that kfree() operations are only performed when appropriate and that the existing put_device() mechanism properly handles device reference counting. Organizations should also consider implementing runtime monitoring for kernel memory corruption patterns and establish robust system integrity checking procedures. Additionally, the vulnerability highlights the importance of thorough code review processes for kernel subsystems, particularly those handling device registration and resource management. Security teams should monitor for similar patterns in other kernel subsystems and ensure that proper resource management practices are followed throughout the kernel codebase, particularly in areas that handle device lifecycle management and memory deallocation. The fix should be validated through comprehensive testing to ensure that no regressions are introduced while properly addressing the double free condition that could otherwise enable more sophisticated exploitation techniques.