CVE-2024-57805: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
Description
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP
The linkDMA should not be released on stop trigger since a stream re-start
might happen without closing of the stream. This leaves a short time for
other streams to 'steal' the linkDMA since it has been released.
This issue is not easy to reproduce under normal conditions as usually
after stop the stream is closed, or the same stream is restarted, but if
another stream got in between the stop and start, like this:
aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120
CTRL+z
aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120
then the link DMA channels will be mixed up, resulting firmware error or
crash.
Classification
CVE ID: CVE-2024-57805
Affected Products
Vendor: Linux
Product: Linux
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.47% (scored less or equal to compared to others)
EPSS Date: 2025-02-09 (when was this score calculated)
References
https://git.kernel.org/stable/c/909ecf15cb70f78cdb5c930f58df01db039a0ff8https://git.kernel.org/stable/c/e8d0ba147d901022bcb69da8d8fd817f84e9f3ca