mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
45 lines
3.4 KiB
JSON
45 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2021-47650",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2025-02-26T06:37:06.780",
|
|
"lastModified": "2025-02-26T06:37:06.780",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: prevent the potentially use of null pointer\n\nThere is one call trace that snd_soc_register_card()\n->snd_soc_bind_card()->soc_init_pcm_runtime()\n->snd_soc_dai_compress_new()->snd_soc_new_compress().\nIn the trace the 'codec_dai' transfers from card->dai_link,\nand we can see from the snd_soc_add_pcm_runtime() in\nsnd_soc_bind_card() that, if value of card->dai_link->num_codecs\nis 0, then 'codec_dai' could be null pointer caused\nby index out of bound in 'asoc_rtd_to_codec(rtd, 0)'.\nAnd snd_soc_register_card() is called by various platforms.\nTherefore, it is better to add the check in the case of misusing.\nAnd because 'cpu_dai' has already checked in soc_init_pcm_runtime(),\nthere is no need to check again.\nAdding the check as follow, then if 'codec_dai' is null,\nsnd_soc_new_compress() will not pass through the check\n'if (playback + capture != 1)', avoiding the leftover use of\n'codec_dai'."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: soc-compress: evita el posible uso de un puntero nulo Hay un seguimiento de llamada que snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compress(). En el seguimiento, 'codec_dai' se transfiere desde card->dai_link, y podemos ver desde snd_soc_add_pcm_runtime() en snd_soc_bind_card() que, si el valor de card->dai_link->num_codecs es 0, entonces 'codec_dai' podr\u00eda ser un puntero nulo causado por un \u00edndice fuera de los l\u00edmites en 'asoc_rtd_to_codec(rtd, 0)'. Adem\u00e1s, varias plataformas llaman a snd_soc_register_card(), por lo que es mejor agregar la verificaci\u00f3n en caso de uso incorrecto. Y como 'cpu_dai' ya se ha verificado en soc_init_pcm_runtime(), no es necesario volver a verificar. Si se agrega la verificaci\u00f3n de la siguiente manera, si 'codec_dai' es nulo, snd_soc_new_compress() no pasar\u00e1 la verificaci\u00f3n 'if (playback + capture != 1)', lo que evita el uso sobrante de 'codec_dai'."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/08af6da684b44097ea09f1d74d5858b837ed203b",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4639c1d97f385f4784f44d66a3da0672f4951ada",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/68a69ad8df959e5211ed4a8e120783b2d352ea74",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/de2c6f98817fa5decb9b7d3b3a8a3ab864c10588",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f69a75cb8a98c6c487d620442c68595726a69f60",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/fc237b8d624f4bcb0f21a532627ce4e3b3a85569",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
|
|
}
|
|
]
|
|
} |