Linux · Linux Kernel · CVE-2019-12454
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions through 5.1.5
**Description**
An issue was discovered in the `wcd9335_codec_enable_dec` function in `sound/soc/codecs/wcd9335.c`. It uses `kstrndup` instead of `kmemdup_nul`, which may allow attackers to have an unspecified impact via unknown vectors. The vendor disputes this issue as not being a vulnerability because switching to `kmemdup_nul()` would only fix a security issue if the source string wasn't NUL-terminated, which is not the case.
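The difference between the two helpers is easiest to see side by side. The following is an added example, not code from the kernel or from this advisory: `model_kstrndup` and `model_kmemdup_nul` are hypothetical userspace models of the two functions' copy semantics, and the input buffer is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of kstrndup(s, max): stop at the first NUL found
 * within max bytes, copy only that much, then terminate. */
static char *model_kstrndup(const char *s, size_t max)
{
    size_t len = 0;
    char *buf;

    while (len < max && s[len] != '\0')
        len++;
    buf = malloc(len + 1);
    if (!buf)
        return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';
    return buf;
}

/* Userspace model of kmemdup_nul(s, len): copy exactly len bytes with
 * no NUL scan, then terminate. len bytes must be readable at s. */
static char *model_kmemdup_nul(const char *s, size_t len)
{
    char *buf = malloc(len + 1);

    if (!buf)
        return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed input: a NUL-terminated name inside a 16-byte buffer,
     * so reading 15 bytes stays in bounds for both helpers. */
    char src[16] = "DEC1\0leftover";
    char *a = model_kstrndup(src, 15);
    char *b = model_kmemdup_nul(src, 15);

    if (!a || !b)
        return 1;
    printf("kstrndup model copied %zu bytes\n", strlen(a));
    printf("kmemdup_nul model copied 15 bytes, byte 5 is '%c'\n", b[5]);
    free(a);
    free(b);
    return 0;
}
```

With a NUL-terminated source both models return the same C string; the only difference is that the `kmemdup_nul` model also copies the bytes that follow the terminator, up to the requested length.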
**Recommendations**
For Linux kernel versions through 5.1.5, consider updating to a version where this issue has been addressed, although the vendor does not consider it a vulnerability. As a temporary workaround, consider reviewing the usage of `kstrndup` and `kmemdup_nul` in the code to ensure proper string handling. Because the vendor disputes the vulnerability, there is no clear guidance on a fix, and at the moment there is no information about a newer version that contains one.