Linux Kernel SoundWire Port Memory Corruption Vulnerability in ASoC Codecs WCD937X

Vulnerability

A memory corruption vulnerability has been identified in the Linux kernel's ASoC codecs for the WCD937X component. The SoundWire port for the HPHL_COMP and HPHR_COMP components is incorrectly set to zero. As a result, the element at index -1 of the port_map array, which lies before the start of the array, can be accessed and modified, corrupting memory. The vulnerability affects the Linux kernel stable tree.
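The following user-space model is an added example, not code from the kernel driver or from this advisory. It shows how a port number of zero turns into index -1 when the slot for port N is taken as port_map[N - 1], and how a range check in front of the lookup rejects it. All struct names, function names, the array size and the channel values are assumptions made for the illustration; the range check is a general defensive pattern, not a description of the upstream change.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_PORTS 4 /* assumed size for this model, not the driver's */

/* Model of a codec with a per-port table; SoundWire data ports count from 1. */
struct model_codec {
    uint8_t before;                     /* stands in for memory preceding the array */
    uint8_t port_map[MODEL_MAX_PORTS];  /* slot for port N is port_map[N - 1] */
};

/* Model channel entry: the port a channel is wired to (constructed values). */
struct model_channel { const char *name; uint8_t port_num; uint8_t ch_mask; };

/* Index the unchecked pattern would use: port_num - 1, so port 0 gives -1. */
int model_unchecked_index(const struct model_channel *ch)
{
    return (int)ch->port_num - 1;
}

/* Defensive lookup: reject any port outside 1..MODEL_MAX_PORTS before indexing. */
int model_set_port_mask(struct model_codec *c, const struct model_channel *ch)
{
    if (ch->port_num < 1 || ch->port_num > MODEL_MAX_PORTS)
        return -EINVAL;
    c->port_map[ch->port_num - 1] |= ch->ch_mask;
    return 0;
}

int main(void)
{
    struct model_codec c = { .before = 0xAA };
    const struct model_channel chans[] = {
        { "HPHL",      1, 0x01 },  /* valid port (constructed) */
        { "HPHL_COMP", 0, 0x01 },  /* port left at zero, as the advisory describes */
    };
    for (size_t i = 0; i < sizeof(chans) / sizeof(chans[0]); i++)
        printf("%-10s unchecked index %2d, checked result %d\n", chans[i].name,
               model_unchecked_index(&chans[i]), model_set_port_mask(&c, &chans[i]));
    printf("byte before port_map: 0x%02X\n", c.before);
    return 0;
}
```

The model never performs the out-of-bounds write itself; it only reports the index the unchecked pattern would compute, so it runs cleanly under a sanitizer.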

Impact

The vulnerability can cause memory corruption, potentially leading to undefined behavior or exploitation opportunities.

Reproduction

The vulnerability can be reproduced by configuring the ASoC WCD937X codec so that the HPHL_COMP and HPHR_COMP SoundWire ports are set to zero. This misconfiguration can then be exploited by accessing the port_map array, specifically the -1 element, which is out of bounds and can cause memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.

Added: Oct 28, 2025, 1:06 PM
Updated: Oct 28, 2025, 1:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.