CVE-2021-47502

ASoC: codecs: wcd934x: handle channel mappping list correctly

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

ASoC: codecs: wcd934x: handle channel mappping list correctly

Currently each channel is added as list to dai channel list, however
there is danger of adding same channel to multiple dai channel list
which endups corrupting the other list where its already added.

This patch ensures that the channel is actually free before adding to
the dai channel list and also ensures that the channel is on the list
before deleting it.

This check was missing previously, and we did not hit this issue as
we were testing very simple usecases with sequence of amixer commands.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: códecs: wcd934x: maneja correctamente la lista de asignación de canales Actualmente, cada canal se agrega como lista a la lista de canales dai, sin embargo, existe el peligro de agregar el mismo canal a varias listas de canales dai, lo que termina corrompiendo la otra lista donde ya está agregada. Este parche garantiza que el canal esté realmente libre antes de agregarlo a la lista de canales dai y también garantiza que el canal esté en la lista antes de eliminarlo. Esta verificación faltaba anteriormente y no encontramos este problema ya que estábamos probando casos de uso muy simples con una secuencia de comandos de amixer.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-22 CVE Reserved
2024-05-24 CVE Published
2024-05-25 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/a70d9245759a48e57bb1dc9f63213dcf3017db32	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/1089dac26c6b4b833323ae6c0ceab29fb30ede72	2021-12-14
https://git.kernel.org/stable/c/339ffb5b56005582aacc860524d2d208604049d1	2021-12-14
https://git.kernel.org/stable/c/23ba28616d3063bd4c4953598ed5e439ca891101	2021-12-01

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.10.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.85"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.15.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.16"		en		Affected