CVE-2025-21870

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to the ASoC: SOF: ipc4-topology component, where loops for looking up ALH copiers were not properly hardened. This could lead to a NULL pointer dereference if other non-DAI copier widgets have the same stream name as the ALH copier. The problem arises because the copier->data is NULL and no alh data is attached. A similar loop in sof ipc4 widget setup comp dai() would miscalculate the ALH device count, causing broken audio. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, the matching logic should be hardened by ensuring that the widget is a DAI widget and the dai (and thus the copier) is an ALH copier. As a temporary workaround, consider adding a check for the NULL pointer in sof ipc4 prepare copier module() to avoid the crash. Additionally, the loop in sof ipc4 widget setup comp dai() should be corrected to accurately calculate the ALH device count. At the moment, there is no information about a newer version that contains a fix for this vulnerability.