Linux Kernel Audio Component Removal Order Vulnerability Causes Kernel Crash

A vulnerability in the Linux kernel's Audio Stream Control (ASoC) subsystem for Qualcomm's qdsp6 audio processing module has been identified. The issue arises during the Audio Digital Signal Processor (ADSP) stop and start phases, where the kernel experiences a crash. This crash is caused by the improper order of removal for ASoC components. Specifically, the q6apm-audio .remove callback disrupts the component topology and eliminates Pulse Code Modulation (PCM) runtimes too early in the teardown process. As a result, the Runtime Data Structures (RTDs) containing the q6apm Digital Audio Interface (DAI) components are deleted before they can be properly unlinked, leaving them attached to the audio card. This mismanagement leads to a NULL pointer dereference error and a subsequent crash during the next rebind operation.

Impact

The vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting the normal operation of the audio subsystem and potentially leading to a system-wide failure.

Reproduction

The vulnerability can be reproduced by stopping and starting the ADSP while the q6apm audio component is active. During this process, the kernel will crash due to the improper removal order of the ASoC components, specifically when the q6apm DAI components are unlinked from the audio card before they can be properly removed.

Remediation

The vulnerability has been addressed by modifying the component removal order. The q6apm component now ensures that all dependent child components are removed before it is unlinked, preventing the crashes that occurred during the rebind process.