Linux Kernel ASoC Intel Quirk Input Mapping Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ASoC Intel bytcr_rt5651 driver allows out-of-bounds access because quirk option values are not handled properly. When an invalid value is passed, the unpatched driver ignores the problem rather than correcting the value, which can lead to unexpected behavior. The fix adds a sanity check that resets the input mapping to a default value when an invalid quirk is detected.
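The sanity check described above can be modelled in user space. The following is an added example, not the kernel's code: every name, the 4-bit mapping field, the four-entry route table and the default value are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model: the low 4 bits of the quirk word select an input map. */
#define QUIRK_MAP_MASK   0xfu
#define QUIRK_MAP(q)     ((q) & QUIRK_MAP_MASK)
#define MAP_DEFAULT      1u   /* assumed default mapping for this sketch */

/* Only four mappings are defined, but the 4-bit field can encode 16. */
static const char *const input_routes[] = {
    "dmic", "in1", "in2", "in1+in2",
};
#define N_ROUTES (sizeof(input_routes) / sizeof(input_routes[0]))

/* Returns 1 if using the quirk as-is would index past input_routes[]. */
int map_is_out_of_range(unsigned int quirk)
{
    return QUIRK_MAP(quirk) >= N_ROUTES;
}

/*
 * Sanity check: keep every other quirk bit, but replace an unknown map
 * value with the default so later lookups stay inside the table.
 */
unsigned int sanitize_quirk(unsigned int quirk)
{
    if (map_is_out_of_range(quirk)) {
        fprintf(stderr, "quirk map 0x%x is not supported, using default\n",
                QUIRK_MAP(quirk));
        quirk = (quirk & ~QUIRK_MAP_MASK) | MAP_DEFAULT;
    }
    return quirk;
}

/* The index is always < N_ROUTES because the quirk is sanitized first. */
const char *route_for(unsigned int quirk)
{
    return input_routes[QUIRK_MAP(sanitize_quirk(quirk))];
}

int main(void)
{
    unsigned int q = 0x10007u; /* constructed: flag bit 16 set, map field = 7 */
    printf("0x%x -> 0x%x (%s)\n", q, sanitize_quirk(q), route_for(q));
    return 0;
}
```

Validating once, where the option is read, means every later consumer of the mapping sees an in-range value instead of each lookup needing its own bounds check.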

Impact

The vulnerability could lead to out-of-bounds access, potentially causing memory corruption or other unintended behavior.

Reproduction

To reproduce this vulnerability, pass an invalid value through the quirk option of the bytcr_rt5651 driver. The driver will ignore the invalid input, which can result in out-of-bounds access.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archives.

Added: Nov 12, 2025, 12:12 PM
Updated: Nov 12, 2025, 5:51 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.