ACK/Cmnt: [SRU][F][PATCH 0/1] CVE-2021-47211
Ian Whitfield
ian.whitfield at canonical.com
Thu Apr 24 23:24:10 UTC 2025
On Wed, Apr 23, 2025 at 04:24:57PM -0700, Tim Whisonant wrote:
> SRU Justification:
>
> [Impact]
>
> ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
>
> The pointer cs_desc return from snd_usb_find_clock_source could
> be null, so there is a potential null pointer dereference issue.
> Fix this by adding a null check before dereference.
>
> [Fix]
>
> Oracular: not affected
> Noble: not affected
> Jammy: not affected
> Focal: backported from upstream
> Bionic: sent to ESM ML
> Xenial: sent to ESM ML
> Trusty: out of scope (medium CVE)
>
> [Test Plan]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The change occurs in the ALSA usb-audio driver. Issues might
> manifest as choppy or missing audio.
>
> Chengfeng Ye (1):
> ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
>
> sound/usb/clock.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
The contents of the patch are good. I personally think the backport note could
have been more descriptive of how the patch was edited from upstream, context
adjustment typically means the effective lines of the fix from upstream were
unchanged and only the surrounding context was different due to unrelated
commits, but in the case of this patch the fix lines are pasted to two parts
of the function, which goes beyond a context adjustment. Explaining too much
in a backport note, on the other hand, is usually not an issue. This is a minor
(and opinionated) thing though so I have no problem ACKing it.
Acked-by: Ian Whitfield <ian.whitfield at canonical.com>
More information about the kernel-team
mailing list