{"id":"CVE-2021-47650","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-compress: prevent the potentially use of null pointer\n\nThere is one call trace that snd_soc_register_card()\n-\u003esnd_soc_bind_card()-\u003esoc_init_pcm_runtime()\n-\u003esnd_soc_dai_compress_new()-\u003esnd_soc_new_compress().\nIn the trace the 'codec_dai' transfers from card-\u003edai_link,\nand we can see from the snd_soc_add_pcm_runtime() in\nsnd_soc_bind_card() that, if value of card-\u003edai_link-\u003enum_codecs\nis 0, then 'codec_dai' could be null pointer caused\nby index out of bound in 'asoc_rtd_to_codec(rtd, 0)'.\nAnd snd_soc_register_card() is called by various platforms.\nTherefore, it is better to add the check in the case of misusing.\nAnd because 'cpu_dai' has already checked in soc_init_pcm_runtime(),\nthere is no need to check again.\nAdding the check as follow, then if 'codec_dai' is null,\nsnd_soc_new_compress() will not pass through the check\n'if (playback + capture != 1)', avoiding the leftover use of\n'codec_dai'.","modified":"2026-03-13T05:18:11.927363Z","published":"2025-02-26T06:37:06.780Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/fc237b8d624f4bcb0f21a532627ce4e3b3a85569"},{"type":"FIX","url":"https://git.kernel.org/stable/c/08af6da684b44097ea09f1d74d5858b837ed203b"},{"type":"FIX","url":"https://git.kernel.org/stable/c/4639c1d97f385f4784f44d66a3da0672f4951ada"},{"type":"FIX","url":"https://git.kernel.org/stable/c/68a69ad8df959e5211ed4a8e120783b2d352ea74"},{"type":"FIX","url":"https://git.kernel.org/stable/c/de2c6f98817fa5decb9b7d3b3a8a3ab864c10588"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f69a75cb8a98c6c487d620442c68595726a69f60"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47650.json","unresolved_ranges":[{"events":[{"introduced":"5.4"},{"fixed":"5.4.189"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.110"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.33"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.16.19"}]},{"events":[{"introduced":"5.17"},{"fixed":"5.17.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}