Linux Kernel NULL Dereference Vulnerability in AC97 Mixer Function

A vulnerability in the Linux kernel's AC97 mixer function can lead to a NULL pointer dereference. This issue is present in the AC97 codec handling of the Advanced Linux Sound Architecture (ALSA). The vulnerability arises because the function 'snd_ac97_mixer' incorrectly assumed that a pointer variable could not be NULL, which could lead to a crash or undefined behavior. The problem has been addressed by modifying the function to properly check for NULL pointers before proceeding.

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected system or application.

Reproduction

The vulnerability can be reproduced by invoking the 'snd_ac97_mixer' function with a NULL pointer for the 'rac97' parameter. This can be done by creating an AC97 bus and template, then calling the mixer function without initializing the 'rac97' pointer. The function will attempt to dereference the NULL pointer, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.