Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] sizeof(struct sof_abi_hdr)) + payload The max_size specifies the size of [2] and it is coming from topology. Change the function to take this into account and allocate adequate amount of memory behind scontrol->ipc_control_data. With the change we will allocate [1] amount more memory to be able to hold the full size of data.
Product status
a382082ff74b036944cbc5b6ad29b65f633acd3a (git) before 59fe643f21b9d59bcbedb0dfbf988ee455c23736
a382082ff74b036944cbc5b6ad29b65f633acd3a (git) before 491956b45b5f4933632ea6d8a8bdfdf045ab81e1
a382082ff74b036944cbc5b6ad29b65f633acd3a (git) before a704a1a4394b5877b9adc31b2c3165ad0b541896
a382082ff74b036944cbc5b6ad29b65f633acd3a (git) before 1237cd9ff198cb882402572f29569e5247190974
a382082ff74b036944cbc5b6ad29b65f633acd3a (git) before a653820700b81c9e6f05ac23b7969ecec1a18e85
6.4
Any version before 6.4
6.6.128 (semver)
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/59fe643f21b9d59bcbedb0dfbf988ee455c23736
git.kernel.org/...c/491956b45b5f4933632ea6d8a8bdfdf045ab81e1
git.kernel.org/...c/a704a1a4394b5877b9adc31b2c3165ad0b541896
git.kernel.org/...c/1237cd9ff198cb882402572f29569e5247190974
git.kernel.org/...c/a653820700b81c9e6f05ac23b7969ecec1a18e85