CVE-2021-47650

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential null pointer issue has been identified in the Linux kernel, specifically in the ASoC (Audio System on Chip) component. The issue arises from the snd soc register card() function call, which leads to a series of function calls including snd soc bind card(), soc init pcm runtime(), snd soc dai compress new(), and snd soc new compress(). In this call trace, the codec dai variable is transferred from card->dai link, and if the value of card->dai link->num codecs is 0, codec dai could become a null pointer due to an index out of bounds error in asoc rtd to codec(rtd, 0). This issue can be mitigated by adding a check to prevent the misuse of the null pointer.

Recommendations To resolve this issue, add a check in the snd soc new compress() function to ensure that codec dai is not null before proceeding with the compression setup. If codec dai is null, the function should not pass the check if (playback + capture != 1), thereby avoiding the potential misuse of the null pointer. As a temporary workaround, consider adding a null check for codec dai in the snd soc dai compress new() function to prevent the null pointer issue.