Linux Kernel Intel ASoC NULL Pointer Dereference Vulnerability in DAI Widget Handling

Vulnerability

A vulnerability in the Linux kernel's ASoC (Audio Stream Control) component for Intel platforms has been addressed. The issue arose because each CPU DAI (Digital Audio Interface) should be linked to a corresponding widget. However, the audio topology might not generate the correct number of DAI widgets for aggregated amplifiers, leading to a NULL pointer dereference. The vulnerability has been resolved by ensuring that the DAI widget associated with the CPU DAI is valid, thus preventing the NULL pointer dereference caused by missing DAI widgets in topologies with aggregated amplifiers.

Impact

Exploitation of this vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Intel ASoC NULL Pointer Dereference Vulnerability in DAI Widget Handling

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating