Message-ID: <2025100418-CVE-2025-39938-6508@gregkh>
Date: Sat,  4 Oct 2025 09:33:22 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39938: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed

If earlier opening of source graph fails (e.g. ADSP rejects due to
incorrect audioreach topology), the graph is closed and
"dai_data->graph[dai->id]" is assigned NULL.  Preparing the DAI for sink
graph continues though and next call to q6apm_lpass_dai_prepare()
receives dai_data->graph[dai->id]=NULL leading to NULL pointer
exception:

  qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd
  qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1
  q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78
  q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22
  Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8
  ...
  Call trace:
   q6apm_graph_media_format_pcm+0x48/0x120 (P)
   q6apm_lpass_dai_prepare+0x110/0x1b4
   snd_soc_pcm_dai_prepare+0x74/0x108
   __soc_pcm_prepare+0x44/0x160
   dpcm_be_dai_prepare+0x124/0x1c0

The Linux kernel CVE team has assigned CVE-2025-39938 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.16 with commit 30ad723b93ade607a678698e5947a55a4375c3a1 and fixed in 6.1.154 with commit 01d1ba106c9e02a2e7d41e07be49031a0ff0ecaa
	Issue introduced in 5.16 with commit 30ad723b93ade607a678698e5947a55a4375c3a1 and fixed in 6.6.108 with commit 411f7d4f7038200cdf6d4f71ee31026ebf2dfedb
	Issue introduced in 5.16 with commit 30ad723b93ade607a678698e5947a55a4375c3a1 and fixed in 6.12.49 with commit 9c534dbfd1726502abcf0bd393a04214f62c050b
	Issue introduced in 5.16 with commit 30ad723b93ade607a678698e5947a55a4375c3a1 and fixed in 6.16.9 with commit cc336b242ea7e7a09b3ab9f885341455ca0a3bdb
	Issue introduced in 5.16 with commit 30ad723b93ade607a678698e5947a55a4375c3a1 and fixed in 6.17 with commit 68f27f7c7708183e7873c585ded2f1b057ac5b97

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-39938
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	sound/soc/qcom/qdsp6/q6apm-lpass-dais.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/01d1ba106c9e02a2e7d41e07be49031a0ff0ecaa
	https://git.kernel.org/stable/c/411f7d4f7038200cdf6d4f71ee31026ebf2dfedb
	https://git.kernel.org/stable/c/9c534dbfd1726502abcf0bd393a04214f62c050b
	https://git.kernel.org/stable/c/cc336b242ea7e7a09b3ab9f885341455ca0a3bdb
	https://git.kernel.org/stable/c/68f27f7c7708183e7873c585ded2f1b057ac5b97
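
Added example, not part of the original advisory or of the kernel project: a Python check that classifies an upstream kernel release string against the introduced and fixed versions listed under "Affected and fixed versions". The function names and status strings are assumptions made for this example; it compares version numbers only, so a vendor kernel carrying its own backports has to be checked against the vendor's advisory instead.

```python
import platform
import re

# Values taken from the advisory's "Affected and fixed versions" section.
INTRODUCED = (5, 16)            # first affected release series
FIXED_STABLE = {                # stable series -> first fixed patch level
    (6, 1): 154,
    (6, 6): 108,
    (6, 12): 49,
    (6, 16): 9,
}
FIXED_MAINLINE = (6, 17)        # fixed from this release onward


def parse_release(release):
    """Return (major, minor, patch) from a string such as '6.6.107-1-lts'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Classify an upstream release string against CVE-2025-39938."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series < INTRODUCED:
        return "not-affected"            # predates the introducing commit
    if series == FIXED_MAINLINE and "-rc" in release:
        return "unknown"                 # advisory does not say which -rc has the fix
    if series >= FIXED_MAINLINE:
        return "fixed"
    if series in FIXED_STABLE:
        return "fixed" if patch >= FIXED_STABLE[series] else "affected"
    return "affected-no-fix-listed"      # series without a fixed version above


if __name__ == "__main__":
    running = platform.release()
    print(running, classify(running))
```

A result of "affected" only matters on systems that build and load the driver in sound/soc/qcom/qdsp6/q6apm-lpass-dais.c.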
