Linux Kernel Audio Subsystem Compression Stream Mutex Handling Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's Audio Subsystem Compression (ASoC) component can cause a kernel panic. This issue arises when the 'panic_on_warn' option is enabled, and a compression stream is initiated without properly locking the 'pcm_mutex'. The lack of mutex handling triggers a warning, which, if 'panic_on_warn' is active, results in a kernel panic. The vulnerability is present in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing the system to stop all processes and require a reboot.

Reproduction

To reproduce this vulnerability, enable the 'panic_on_warn' option in the Linux kernel. Then, start a compression stream in the Audio Subsystem without locking the 'pcm_mutex'. This can be done by calling the 'soc_compr_open_fe' function, which processes the stream paths without the necessary mutex locking. The absence of the mutex lock will trigger a warning, and the subsequent kernel panic will occur due to the 'panic_on_warn' setting.

Remediation

The vulnerability has been addressed by repositioning and adding the 'pcm_mutex' lock in the relevant functions. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
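
The following is an added example, not code from this advisory or from the kernel project: a host check for the two preconditions described above, 'panic_on_warn' being enabled and a compress stream device being present. The function names and verdict strings are hypothetical, and the presence of a comprC*D* node under /dev/snd is assumed here as a rough proxy for a reachable compress stream; it does not show whether the running kernel carries the fix.

```shell
#!/bin/sh
# Added example: checks the two preconditions the advisory names.
# Paths are parameters so the logic can be run against constructed files.

# Succeeds when panic_on_warn is on. The runtime sysctl file is authoritative;
# the boot command line is consulted only when that file is unreadable.
panic_on_warn_enabled() {
    sysctl_file=${1:-/proc/sys/kernel/panic_on_warn}
    cmdline_file=${2:-/proc/cmdline}
    if [ -r "$sysctl_file" ]; then
        value=$(tr -d '[:space:]' < "$sysctl_file")
        case $value in
            ''|0) return 1 ;;
            *)    return 0 ;;
        esac
    fi
    [ -r "$cmdline_file" ] || return 1
    # Match a bare "panic_on_warn" token or "panic_on_warn=<non-zero>".
    tr ' ' '\n' < "$cmdline_file" | grep -Eq '^panic_on_warn(=[1-9][0-9]*)?$'
}

# Prints the number of ALSA compress nodes (comprC<card>D<device>) in a directory.
count_compress_devices() {
    snd_dir=${1:-/dev/snd}
    count=0
    for node in "$snd_dir"/comprC*D*; do
        if [ -e "$node" ]; then count=$((count + 1)); fi
    done
    echo "$count"
}

# Prints one verdict word (hypothetical labels) for the host or for given paths.
exposure() {
    devices=$(count_compress_devices "${3:-/dev/snd}")
    if ! panic_on_warn_enabled "${1:-}" "${2:-}"; then
        echo "warn-only"            # the warning is logged, no panic follows
    elif [ "$devices" -gt 0 ]; then
        echo "panic-possible"       # both preconditions present; confirm patch level
    else
        echo "no-compress-device"   # panic_on_warn set, no compress node found
    fi
}

exposure
```

A "panic-possible" result means the kernel version should be checked against the patched stable releases.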

Added: Dec 9, 2025, 9:05 PM
Updated: Dec 9, 2025, 9:05 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.