Linux Kernel ALSA Scarlett2 NULL Pointer Dereference Vulnerability
Vulnerability
A vulnerability in the Linux kernel's ALSA USB Scarlett2 driver has been addressed. The issue arose because the 'scarlett2_input_select_ctl_info' function allocated string arrays using 'kasprintf()' but failed to check for NULL values. This oversight could lead to a NULL pointer dereference, causing a system crash. The vulnerability has been fixed by adding the necessary NULL checks.
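The checked-allocation pattern described above, as an added userspace illustration (not the driver's code or the upstream patch). 'fake_kasprintf', 'fail_at', 'build_and_measure' and the "Input %d" names are constructed stand-ins; the fault-injection knob simulates 'kasprintf()' returning NULL.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-in for kasprintf(); fail_at is a constructed
 * fault-injection knob that makes the Nth call return NULL. */
static int alloc_calls, fail_at = -1;

static char *fake_kasprintf(const char *fmt, ...)
{
	va_list ap;
	char *buf;
	if (alloc_calls++ == fail_at)
		return NULL;            /* simulated allocation failure */
	buf = malloc(32);
	if (!buf)
		return NULL;
	va_start(ap, fmt);
	vsnprintf(buf, 32, fmt, ap);
	va_end(ap);
	return buf;
}

/* Checked pattern: test every result before any consumer touches it.
 * The unchecked form omits the if and hands a NULL entry to the consumer. */
int build_and_measure(int count, int inject_fail_at)
{
	char *values[8] = { 0 };
	int i, ret = 0;
	if (count < 0 || count > 8)
		return -EINVAL;
	alloc_calls = 0;
	fail_at = inject_fail_at;
	for (i = 0; i < count; i++) {
		values[i] = fake_kasprintf("Input %d", i + 1);
		if (!values[i]) {
			ret = -ENOMEM;   /* fail the call instead of crashing */
			goto out;
		}
	}
	for (i = 0; i < count; i++)      /* consumer: dereferences each entry */
		ret += (int)strlen(values[i]);
out:
	for (i = 0; i < count; i++)
		free(values[i]);         /* free(NULL) is a no-op */
	return ret;
}
```

A single cleanup label frees whatever was allocated on both the success and the failure path, so the error return leaks nothing.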
Impact
The vulnerability could lead to a NULL pointer dereference, causing a system crash.
Reproduction
The vulnerability can be reproduced by invoking the 'scarlett2_input_select_ctl_info' function without proper NULL checks in place. This can occur when the function is called with a number of inputs that exceeds the driver's handling capacity, leading to a NULL pointer dereference.
Remediation
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.
