PT-2019-12801 · Linux+1 · Linux Kernel+1

Alexandros Toptsoglou · Published 2019-05-30 · Updated 2024-08-05 · CVE-2019-12454

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 5.1.5

Description

An issue was discovered in the wcd9335_codec_enable_dec function in sound/soc/codecs/wcd9335.c. It uses kstrndup instead of kmemdup_nul, which may allow attackers to have an unspecified impact via unknown vectors. The vendor disputes this issue as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case.

Recommendations

For Linux kernel versions through 5.1.5, consider updating to a version where this issue has been addressed, although the vendor does not consider it a vulnerability. As a temporary workaround, consider reviewing the usage of kstrndup and kmemdup_nul in the code to ensure proper string handling. However, since the vendor disputes the vulnerability, there is no clear guidance on a fix. At the moment, there is no information about a newer version that contains a fix for this issue.
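For reviewing kstrndup and kmemdup_nul call sites, the following added example (not code from the kernel or from this advisory) models the copy behaviour of the two helpers in userspace and compares their results on a NUL-terminated and a non-terminated source. The model_* names, the same_result helper, the length 15 and both sample buffers are assumptions made for illustration; malloc() stands in for kmalloc() and the NULL-source check is omitted.

```c
/* Added example: userspace model, not kernel code. malloc() stands in for
 * kmalloc(); the model_* names and the sample buffers are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* kstrndup() behaviour: copy up to the first NUL, but never more than max. */
char *model_kstrndup(const char *s, size_t max, size_t *copied)
{
    const char *nul = memchr(s, '\0', max);
    size_t len = nul ? (size_t)(nul - s) : max;
    char *buf = malloc(len + 1);
    if (!buf) return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';
    *copied = len;
    return buf;
}

/* kmemdup_nul() behaviour: copy exactly len bytes, then append a NUL. */
char *model_kmemdup_nul(const char *s, size_t len, size_t *copied)
{
    char *buf = malloc(len + 1);
    if (!buf) return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';
    *copied = len;
    return buf;
}

/* Returns 1 when both helpers produce byte-identical copies of src. */
int same_result(const char *src, size_t n)
{
    size_t a = 0, b = 0;
    char *x = model_kstrndup(src, n, &a);
    char *y = model_kmemdup_nul(src, n, &b);
    int same = x && y && a == b && memcmp(x, y, a + 1) == 0;
    printf("kstrndup copied %zu, kmemdup_nul copied %zu, same=%d\n", a, b, same);
    free(x); free(y);
    return same;
}

/* Constructed 16-byte sources: a terminated name followed by stale bytes,
 * and one with no NUL in its first 15 bytes. */
const char terminated[16]   = "ADC MUX0\0STALE!";
const char unterminated[16] = "ADC_MUX0_ABCDEF";

int main(void) { same_result(terminated, 15); same_result(unterminated, 15); }
```

On the terminated source the modelled kstrndup stops at the NUL after 8 bytes, while the modelled kmemdup_nul copies all 15 bytes, including those after the terminator; on the non-terminated source both copy the same 15 bytes.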


Related Identifiers

ALT-PU-2019-2024
ALT-PU-2019-2036
ALT-PU-2019-2120
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
CVE-2019-12454

Affected Products

Alt Linux
Linux Kernel