Primary

Context

Linux Kernel Soundwire Port Configuration Buffer Overflow Vulnerability

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Linux kernel's Soundwire implementation for Qualcomm devices. The issue arises in the 'qcom_swrm_ctrl' structure, where the port configuration array 'pconfig' is sized for a maximum of 14 ports. However, the indexing starts at 1 to align with actual port numbers, leading to potential writes beyond the allocated buffer and overwriting adjacent memory. This vulnerability was flagged by the kernel test robot and Dan Carpenter, and has been addressed in a recent patch.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, allowing for memory corruption by overwriting parts of the 'qcom_swrm_ctrl' structure.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Stable Patches repository.

Added: Oct 1, 2025, 2:39 PM

Updated: Oct 1, 2025, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Soundwire Port Configuration Buffer Overflow Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating