CVE-2025-21870 Information

Mar 28, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

Other non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL no alh_data is attached which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH device count causing broken audio.

The correct fix is to harden the matching logic by making sure that the

  1. widget is a DAI widget - so dai = w->private is valid
  2. the dai (and thus the copier) is ALH copier

Reference

https://git.kernel.org/stable/c/6fd60136d256b3b948333ebdb3835f41a95ab7ef https://git.kernel.org/stable/c/87c8768a96092ce75cd47fe076db5080db7ac515 https://git.kernel.org/stable/c/93c6c2e5801aab09ef1ef99f248f3cd323c3f152

Share on: