References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls

The size of the data behind of scontrol->ipc_control_data for bytes
controls is:
[1] sizeof(struct sof_ipc4_control_data) + // kernel only struct
[2] sizeof(struct sof_abi_hdr)) + payload

The max_size specifies the size of [2] and it is coming from topology.

Change the function to take this into account and allocate adequate amount
of memory behind scontrol->ipc_control_data.

With the change we will allocate [1] amount more memory to be able to hold
the full size of data.

https://git.kernel.org/stable/c/1237cd9ff198cb882402572f29569e5247190974

https://git.kernel.org/stable/c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1

https://git.kernel.org/stable/c/59fe643f21b9d59bcbedb0dfbf988ee455c23736

https://git.kernel.org/stable/c/a653820700b81c9e6f05ac23b7969ecec1a18e85

https://git.kernel.org/stable/c/a704a1a4394b5877b9adc31b2c3165ad0b541896