Linux Kernel ASoC SOF Intel HDA Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's ASoC SOF Intel HDA component. The issue arises because the 'tplg_filename' field in the 'sof_pdata' structure can be allocated using 'kstrdup()' and subsequently overwritten, leading to unreferenced memory. This leak was detected by 'kmemleak', which reported an unreferenced object corresponding to the 'sof-hda-generic' filename. The vulnerability exists in several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading a sound card driver that uses the ASoC SOF Intel HDA component. During the initialization process, the 'tplg_filename' is duplicated using 'kstrdup()' without proper management, allowing for a memory leak. This can be observed using the 'kmemleak' tool, which will report the leaked memory as an unreferenced object.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.