Linux Kernel NULL Pointer Dereference Vulnerability in ASoC Qcom Q6APM LPASS DAIS

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ASoC Qcom Q6APM LPASS DAIS component. This issue arises when the source graph preparation fails, such as when ADSP rejects the topology. In such cases, the graph is closed, and the corresponding DAI graph data is set to NULL. However, the DAI is still prepared for the sink graph, leading to a NULL pointer exception when the graph data is accessed. This vulnerability has been addressed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a crash or undefined behavior in the system.

Reproduction

The vulnerability can be reproduced by configuring an audio topology that is rejected by the ADSP due to incorrect settings. This failure will close the source graph and set the DAI graph data to NULL. Despite this, the DAI will still be prepared for the sink graph, resulting in a NULL pointer dereference when the graph data is accessed during the preparation process.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.