Linux Kernel ASoC STM32 SAI OF Node Leak Vulnerability

A reference leak vulnerability has been identified in the Linux kernel's ASoC STM32 SAI driver. The issue arises when the synchronization provider's device tree node reference is not properly released during the platform probe process, particularly if the probe is deferred or the driver is unbound. This oversight can lead to a use-after-free condition if the digital audio interface (DAI) is reprobed without reestablishing the platform driver connection. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a reference leak, potentially leading to a use-after-free condition, which could be exploited to execute arbitrary code or cause a denial-of-service.

Reproduction

The vulnerability can be reproduced by probing a platform device that uses the ASoC STM32 SAI driver. If the set_sync() callback fails, the reference to the synchronization provider's device tree node is dropped. However, in cases of platform probe failures or when the driver is unbound, this reference is not released, creating a leak. If the DAI is later reprobed without first rebinding the platform driver, it can trigger a use-after-free condition.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.