PT-2018-2839 · Linux · Linux Kernel

Published: 2018-12-03 · Updated: 2018-12-03

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is caused by a NULL pointer dereference in the snd_cs5535audio_interrupt handler of the sound/pci/cs5535audio/snd-cs5535audio.ko module. An attacker can exploit it to cause a denial of service in the operating system by connecting a CS5535 Audio device, which is represented as a PCI device. The problem lies in the process_bm0_irq function, which is called from the snd_cs5535audio_interrupt handler and dereferences the NULL pointer cs5535au->playback_substream. The snd_cs5535audio_interrupt handler is registered in the snd_cs5535audio_create function, which is called from the snd_cs5535audio_probe handler. The error is that cs5535au->playback_substream is initialized only after the interrupt handler is registered, during the call to snd_cs5535audio_playback_open, which is invoked after the snd_cs5535audio_playback_ops structure is registered in snd_cs5535audio_pcm.
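
The ordering problem described above, modeled in user space as an added example (it is not the kernel driver's code and not a published fix). The model_* names, the struct layouts and the MODEL_BM0_IRQ bit are hypothetical, and the NULL guard is shown as one possible mitigation.

```c
/* Added example: a user-space model of the ordering bug, not kernel code.
 * All model_* names and struct layouts are hypothetical. */
#include <stddef.h>

struct substream { int periods_elapsed; };   /* stand-in for the PCM substream */

struct cs5535audio_model {
    struct substream *playback_substream;    /* NULL until playback open runs */
    int irq_registered;                      /* set once the handler is live */
};

#define MODEL_BM0_IRQ 0x1                    /* constructed status bit for bus master 0 */

/* Mirrors the order described above: the handler goes live in create,
 * while playback_substream is still NULL. */
void model_create(struct cs5535audio_model *m)
{
    m->playback_substream = NULL;
    m->irq_registered = 1;
}

/* Runs later, only when the playback stream is opened. */
void model_playback_open(struct cs5535audio_model *m, struct substream *s)
{
    m->playback_substream = s;
}

/* Unguarded form: faults if an interrupt arrives before playback open. */
void model_process_bm0_irq_unguarded(struct cs5535audio_model *m)
{
    m->playback_substream->periods_elapsed++;
}

/* Guarded form: drop the event when no substream is attached yet. */
int model_process_bm0_irq_guarded(struct cs5535audio_model *m)
{
    if (m->playback_substream == NULL)
        return 0;                            /* nothing to update */
    m->playback_substream->periods_elapsed++;
    return 1;
}

/* Handler entry point: returns 1 if a period was accounted, else 0. */
int model_interrupt(struct cs5535audio_model *m, unsigned status)
{
    if (!m->irq_registered || !(status & MODEL_BM0_IRQ))
        return 0;
    return model_process_bm0_irq_guarded(m);
}
```

The alternative to guarding the handler is to reorder initialization so that the handler is registered only after every pointer it reads has been set up.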

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers: BDU:2019-02296

Affected Products: Linux Kernel