Linux Kernel ASoC NULL Pointer Dereference Vulnerability in snd_soc_remove_pcm_runtime

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's ASoC (ALSA System on Chip) component. The issue arises in the snd_soc_remove_pcm_runtime() function, which can be called with a NULL runtime pointer (rtd). This vulnerability was reproduced by loading a topology that ignored a link due to a missing hardware component, resulting in no runtime being created. When the module was removed, the soc_tplg_remove_link() function called snd_soc_remove_pcm_runtime() with rtd set to NULL, leading to the null pointer dereference.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which typically leads to a crash of the affected component or application.

Reproduction

To reproduce this vulnerability, load an ASoC topology that includes a link marked as ignored due to a missing hardware component. When the link is ignored, no runtime is created. Upon removing the module, the soc_tplg_remove_link() function will call snd_soc_remove_pcm_runtime() with rtd set to NULL, since the link was ignored and no runtime was established.

Remediation

The vulnerability has been addressed in the official Linux Git repository. Users can upgrade to the latest version to mitigate this issue.
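The removal path described above, as an added userspace model; it is not kernel code and not the upstream patch, which this page does not show. All struct and function names are hypothetical, and the early return on NULL is one defensive pattern for the callee, assumed here for illustration.

```c
/* Userspace model of the ignored-link removal path; names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

struct runtime { bool registered; };
struct link { const char *name; bool ignore; struct runtime *rtd; };

/* Topology load: an ignored link (hardware missing) never gets a runtime. */
static void load_link(struct link *l)
{
    l->rtd = l->ignore ? NULL : calloc(1, sizeof(*l->rtd));
    if (l->rtd)
        l->rtd->registered = true;
}

/* Guarded removal: reports false when there was no runtime to remove. */
static bool remove_runtime(struct runtime *rtd)
{
    if (!rtd)                 /* without this check the next line dereferences NULL */
        return false;
    rtd->registered = false;
    free(rtd);
    return true;
}

/* Module removal walks every link, including the ignored ones. */
static int remove_all(struct link *links, size_t n)
{
    int removed = 0;
    for (size_t i = 0; i < n; i++) {
        if (remove_runtime(links[i].rtd))
            removed++;
        links[i].rtd = NULL;  /* drop the stale pointer after removal */
    }
    return removed;
}

/* Constructed sample: two links, the second ignored at load time. */
static int demo(void)
{
    struct link links[] = { { "link-a", false, NULL }, { "link-b", true, NULL } };
    for (size_t i = 0; i < 2; i++)
        load_link(&links[i]);
    return remove_all(links, 2);  /* only link-a had a runtime */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```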

Added: Sep 4, 2025, 4:34 PM
Updated: Sep 4, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.