Linux Kernel NULL Pointer Dereference Vulnerability in ALSA USB Audio Mixer Controls

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ALSA USB audio subsystem, specifically within the mixer controls for UAC version 3 devices. The issue arises in the function 'snd_usb_mixer_controls_badd', where the Interface Association Descriptor (IAD) is retrieved. If this retrieval fails, the function incorrectly assumes the IAD is valid, leading to a potential NULL pointer dereference. This vulnerability was triggered by a crafted USB device descriptor, highlighting a flaw in error handling when interfacing with USB audio devices.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by sending a crafted USB device descriptor to a Linux system with a UAC version 3 device. This can be done using a tool like 'syzkaller', which is designed to fuzz and test the Linux kernel by sending unexpected or malformed data.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is '632108ec072ad64c8c83db6e16a7efee29ebfb74', which is available in the Linux kernel stable tree.