CVE-2025-21870
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH device count, causing broken audio.
The correct fix is to harden the matching logic by making sure that the
- widget is a DAI widget - so dai = w->private is valid
- the dai (and thus the copier) is ALH copier
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a150345aa758492e05d2934f318ce7c2566b1cfe < 87c8768a96092ce75cd47fe076db5080db7ac515 | affected |
| Linux | Linux | a150345aa758492e05d2934f318ce7c2566b1cfe < 93c6c2e5801aab09ef1ef99f248f3cd323c3f152 | affected |
| Linux | Linux | a150345aa758492e05d2934f318ce7c2566b1cfe < 6fd60136d256b3b948333ebdb3835f41a95ab7ef | affected |
| Linux | Linux | 6.0 | affected |
| Linux | Linux | 0 < 6.0 | unaffected |
| Linux | Linux | 6.12.17 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.5 <= 6.13.* | unaffected |
| Linux | Linux | 6.14 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/87c8768a96092ce75cd47fe076db5080db7ac515
- https://git.kernel.org/stable/c/93c6c2e5801aab09ef1ef99f248f3cd323c3f152
- https://git.kernel.org/stable/c/6fd60136d256b3b948333ebdb3835f41a95ab7ef
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.