Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH device count, causing broken audio. The correct fix is to harden the matching logic by making sure that the 1. widget is a DAI widget - so dai = w->private is valid 2. the dai (and thus the copier) is ALH copier
INFO
Published Date :
2025-03-27T13:38:22.849Z
Last Modified :
2025-03-27T13:38:22.849Z
Source :
Linux
AFFECTED PRODUCTS
The following products are affected by CVE-2025-21870 vulnerability.
No data.
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21870.
