Cezary Rojewski

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference error in the ALSA component of the Linux kernel. This error occurs when assigning a stream, particularly when a user attempts to assign a COUPLED stream, which is not blocked by AudioDSP drivers. The supplied substream instance may be a stub, leading to a null pointer dereference when code-loading. This could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the ALSA hda component of the Linux kernel, where unsetting the preset in `snd hda codec cleanup for unbind()` interferes with the module unload and load scenario, causing a null pointer dereference. This occurs because the `snd hda codec device new()` function expects a valid pointer to an instance of `struct snd card`, which can only be met once sound card components probing commences. The `preset` is assigned only once during device/driver matching, and the ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.