CVE-2025-21870

MEDIUM

Linux kernel - Null Pointer Dereference

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH device count, causing broken audio. The correct fix is to harden the matching logic by making sure that the 1. widget is a DAI widget - so dai = w->private is valid 2. the dai (and thus the copier) is ALH copier

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/87c8768a96092ce75cd47fe076db5080db7ac515

Patch

https://git.kernel.org/stable/c/93c6c2e5801aab09ef1ef99f248f3cd323c3f152

Patch

https://git.kernel.org/stable/c/6fd60136d256b3b948333ebdb3835f41a95ab7ef

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (12)

linux/Kernel 6.0.0 - 6.12.17linux

linux/Kernel 6.13.0 - 6.13.5linux

Linux/Linux < 6.0

Linux/Linux 6.0

Linux/Linux 6.12.17 - 6.12.*

Linux/Linux 6.13.5 - 6.13.*

Linux/Linux 6.14

Linux/Linux a150345aa758492e05d2934f318ce7c2566b1cfe - 6fd60136d256b3b948333ebdb3835f41a95ab7ef

Linux/Linux a150345aa758492e05d2934f318ce7c2566b1cfe - 87c8768a96092ce75cd47fe076db5080db7ac515

Linux/Linux a150345aa758492e05d2934f318ce7c2566b1cfe - 93c6c2e5801aab09ef1ef99f248f3cd323c3f152

... and 2 more

Published Mar 27, 2025

Tracked Since Feb 18, 2026