CVE-2025-40121 | ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This patch adds the sanity check and corrects the input mapping to the certain default value if an invalid value is passed.

Published: 2025-11-12 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-40121 is rated Low Risk (18.2/100): low exploitation likelihood (EPSS 0.06%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-40121

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-22	0.04%	0.06%	+0.01%
2	2026-04-10	0.06%	0.04%	-0.01%
3	2025-11-26	—	0.06%	—

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-40121

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-40121

OS Trackers for CVE-2025-40121

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-40121 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6.	https://security-tracker.debian.org/tracker/CVE-2025-40121
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2025-40121
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2025-40121/
`ubuntu`	medium	CVE-2025-40121 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 177, released 158, needed 30, not-affected 27, pending 3.	https://ubuntu.com/security/CVE-2025-40121

Affected software / configurations for CVE-2025-40121

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-40121

URL	Tags
https://git.kernel.org/stable/c/2204e582b4eea872e1e7a5c90edcb84b928c68b0
https://git.kernel.org/stable/c/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b
https://git.kernel.org/stable/c/64a36a7032082b4c330ce081acb6efb99246020e
https://git.kernel.org/stable/c/95e29db33b5f73218ae08ebb48c61c9a8d28e2ff
https://git.kernel.org/stable/c/bff827b0d507e52b23efab9f67c232a4f037ab2c
https://git.kernel.org/stable/c/c60f269c123210a6846d6d1367de0eaa402c10b0
https://git.kernel.org/stable/c/f197894de2f4ef46c7d53827d9df294b75c35e13
https://git.kernel.org/stable/c/fdf99978a6480e14405212472b6c747e0fa43bed

cvelogic Threat Intelligence