Linux Kernel ASoC Component Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ASoC (ALSA System on Chip) component can lead to a null pointer dereference. This issue arises when the 'codec_dai' variable, which is derived from the card's DAI (Digital Audio Interface) link, is accessed without proper validation. If the DAI link's 'num_codecs' is zero, 'codec_dai' becomes null, causing an out-of-bounds error. The vulnerability is triggered during the registration of sound cards, a process invoked by various platforms.

Impact

Exploitation of this vulnerability can cause a null pointer dereference, leading to a system crash or undefined behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ASoC Component Null Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating