Linux Kernel Out-of-Bounds Access Vulnerability in ASoC SOF IPC3 Topology

Vulnerability

A vulnerability in the Linux kernel's ASoC SOF IPC3 topology handling can lead to out-of-bounds access. The issue arises in the 'sof_get_control_data()' function, which expects to process only byte-type payloads. However, it also accommodates other control types, leading to potential memory access errors. The vulnerability can be exploited by crafting a specific topology that misaligns with the expected data types.

Impact

Exploitation of this vulnerability could result in out-of-bounds memory access, potentially leading to memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Out-of-Bounds Access Vulnerability in ASoC SOF IPC3 Topology

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating