Linux Kernel ALH Copier NULL Pointer Dereference Vulnerability in ASoC SOF IPC4 Topology

Vulnerability

A vulnerability in the Linux kernel's ASoC SOF IPC4 topology handling can lead to a NULL pointer dereference. This issue arises because non-DAI copier widgets may share the same stream name as the ALH copier, resulting in a NULL 'data' reference for the copier. Without the attached 'alh_data', the system can experience a crash due to the NULL pointer. While one potential workaround could involve checking for the NULL pointer in the 'sof_ipc4_prepare_copier_module()' function, this would not address a related issue in 'sof_ipc4_widget_setup_comp_dai()', which could miscalculate the ALH device count and disrupt audio functionality. The vulnerability has been resolved by strengthening the matching logic to ensure that the widget is a DAI widget, validating the 'dai' reference, and confirming that the copier is an ALH copier.
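The difference between matching on stream name alone and the strengthened match described above, as an added example that is not the kernel's code: a simplified user-space C model in which every type, field and function name, and the sample widget table, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Simplified model, not kernel code; all names are hypothetical.
   'dai' is NULL on non-DAI copiers, which have no ALH data attached. */
enum dai_type { DAI_SSP, DAI_ALH };
struct alh_data { int node_id; };
struct dai { enum dai_type type; struct alh_data *alh; };
struct widget { const char *stream_name; int is_dai; struct dai *dai; };
typedef int (*match_fn)(const struct widget *, const char *);

/* Before: stream name only, so any copier sharing the name matches. */
static int weak_match(const struct widget *w, const char *s)
{
    return strcmp(w->stream_name, s) == 0;
}

/* After: also a DAI widget, a valid 'dai' reference, and an ALH copier. */
static int strict_match(const struct widget *w, const char *s)
{
    return weak_match(w, s) && w->is_dai && w->dai && w->dai->type == DAI_ALH;
}

/* Returns the ALH device count a matcher produces for a stream; *nulls gets
   the number of matches whose ALH data is missing (a NULL dereference for
   any code that trusts the match). */
static int alh_count(const struct widget *w, size_t n, const char *s, match_fn m, int *nulls)
{
    int count = 0;
    *nulls = 0;
    for (size_t i = 0; i < n; i++) {
        if (!m(&w[i], s)) continue;
        count++;
        if (!w[i].dai || !w[i].dai->alh) (*nulls)++;
    }
    return count;
}
/* Constructed sample: two ALH copiers and one non-DAI copier, same stream name. */
static struct alh_data a0 = { 0 }, a1 = { 1 };
static struct dai d0 = { DAI_ALH, &a0 }, d1 = { DAI_ALH, &a1 };
static const struct widget sample[3] = {
    { "sdw-playback", 1, &d0 }, { "sdw-playback", 1, &d1 }, { "sdw-playback", 0, NULL },
};
int main(void)
{
    int bad, n = alh_count(sample, 3, "sdw-playback", weak_match, &bad);
    printf("name-only: count=%d null=%d\n", n, bad);
    n = alh_count(sample, 3, "sdw-playback", strict_match, &bad);
    printf("strict:    count=%d null=%d\n", n, bad);
    return 0;
}
```

In this model the name-only matcher both inflates the ALH device count and accepts a widget with no data, which is why a NULL check in one function alone would not cover both problems.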

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash. Additionally, improper handling of the ALH device count can disrupt audio functionality.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.