Linux Kernel MBHC Resource Leak Vulnerability in ASoC Codecs

A vulnerability exists in the Linux kernel's ASoC (ALSA System on Chip) codecs, specifically within the WCD MBHC (Multi-Button Headset Controller) version 2. The issue arises because MBHC resources are not properly released when a component probe fails or when the component is removed. This mismanagement can disrupt the sound card's probing process, leading to initialization errors. The vulnerability affects several Linux kernel versions, including 5.14, and has been addressed in a recent commit.

Impact

The vulnerability can cause resource leaks, leading to improper handling of interrupts and initialization failures in the audio codec component. This, in turn, can disrupt the functionality of the sound card, causing it to fail during the probing process.

Reproduction

The vulnerability can be reproduced by deferring the probing of a sound card that uses the WCD MBHC version 2 codec. This can be done by introducing a probe delay, which will cause the sound card to attempt to re-probe the codec component. During this process, the missing resource cleanup will lead to a failure in initializing the codec, as the interrupts required for proper functioning will not be correctly managed.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version can be found on the official Linux kernel website.