Linux Kernel NULL Pointer Dereference Vulnerability in ASoC Qualcomm Driver

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ASoC Qualcomm driver for the LPASS SC7180 platform. The issue arises because the 'devm_kcalloc' function can return NULL, and the return value was not properly checked, leading to a potential NULL pointer dereference. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by loading the ASoC Qualcomm LPASS SC7180 platform driver on a Linux kernel version that lacks the NULL pointer check after the 'devm_kcalloc' call. This can be done by compiling the kernel with the vulnerable driver and then loading the module on a device that uses the SC7180 platform.

Remediation

Users can upgrade to a patched version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.