
Cristian Ciocaltea

Researcher from Collabora
#45747 of 53,633
5.5 Total CVSS
Vulnerabilities · 1
PT-2024-8398
5.5
2024-01-21
Linux · Linux Kernel · CVE-2023-52663
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

A memory leak issue has been identified in the Linux kernel, specifically in the `amd_sof_acp_probe()` function. The driver uses `kasprintf()` to initialize the `fw_{code,data}_bin` members of `struct acp_dev_data`, but `kfree()` is never called to deallocate the memory, resulting in a memory leak. This issue can be exploited to cause a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Technical details about exploitation include:

- The `amd_sof_acp_probe()` function is vulnerable.
- The `kasprintf()` function is used to initialize the `fw_{code,data}_bin` members of `struct acp_dev_data`.
- The `kfree()` function is not called to deallocate the memory.

**Recommendations**

To fix the issue, switch to `devm_kasprintf()` and ensure the allocation was successful by checking the pointer validity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.