Linux Kernel ASoC Codecs TX Macro Out-of-Bounds Vulnerability

Vulnerability

A vulnerability allowing a slab-out-of-bounds read has been identified in the ASoC (ALSA System on Chip) component of the Linux kernel, specifically within the codecs for the TX macro. This issue arises from the improper handling of a decimator variable, which was originally defined as a 32-bit integer. The vulnerability was discovered while running syzkaller, a fuzzing tool, which triggered the out-of-bounds read in the 'regcache_flat_read' function. The backtrace of this issue indicates that the vulnerability could be exploited through the 'tx_macro_digital_mute' function, among others. By changing the variable type from 32 bits to 8 bits, the issue has been resolved.
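An added illustration, not code from the kernel or from this advisory: a small C model of a flat register cache, showing how the width of the decimator index bounds the register address that reaches the cache read. The base, stride and cache size are constructed values chosen for the model, and `path_reg`, `flat_read_checked`, `read_path_wide` and `read_path_narrow` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model values, not the tx-macro driver's real register map. */
#define PATH_BASE    0x0400u   /* first per-decimator register */
#define PATH_STRIDE  0x80u     /* distance between decimator register banks */
#define CACHE_REGS   0x8400u   /* number of registers held in the flat cache */

static unsigned int cache[CACHE_REGS];

/* Register address derived from a decimator index. */
static uint32_t path_reg(uint32_t decimator)
{
    return PATH_BASE + PATH_STRIDE * decimator;
}

/* Flat-cache read with a bounds check that keeps the index inside the array. */
static int flat_read_checked(uint32_t reg, unsigned int *val)
{
    if (reg >= CACHE_REGS)
        return -1;             /* unchecked, this would read past the slab */
    *val = cache[reg];
    return 0;
}

/* 32-bit decimator: whatever value arrives is used as the index. */
static int read_path_wide(uint32_t decimator, unsigned int *val)
{
    return flat_read_checked(path_reg(decimator), val);
}

/* 8-bit decimator: the value is truncated to 0..255 before it is used. */
static int read_path_narrow(uint32_t decimator, unsigned int *val)
{
    uint8_t d = (uint8_t)decimator;
    return flat_read_checked(path_reg(d), val);
}

int main(void)
{
    unsigned int v = 0;
    printf("wide   index 0x1000 -> %d\n", read_path_wide(0x1000u, &v));
    printf("narrow index 0x1000 -> %d\n", read_path_narrow(0x1000u, &v));
    return 0;
}
```

In this model the largest address an 8-bit index can produce still falls inside the cache, so the narrow variant cannot leave the array, while the wide variant depends entirely on the bounds check.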

Impact

Exploitation of this vulnerability leads to a slab-out-of-bounds read, which can potentially be exploited to cause a use-after-free condition or to read sensitive information from memory.

Reproduction

The vulnerability can be reproduced by using the syzkaller fuzzer, which will trigger the out-of-bounds read in the 'regcache_flat_read' function. This can be done by running syzkaller with a configuration that targets the ASoC codecs, specifically the TX macro component.

Remediation

The vulnerability has been fixed in the official Linux Git repository. Users can upgrade to the latest version to address this issue.

Added: Dec 30, 2025, 3:09 PM
Updated: Dec 30, 2025, 3:09 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.