ACK/Cmnt: [SRU][F][PATCH 0/1] CVE-2021-47211
Jacob Martin
jacob.martin at canonical.com
Mon Apr 28 14:19:38 UTC 2025
On Wed, Apr 23, 2025 at 04:24:57PM -0700, Tim Whisonant wrote:
> SRU Justification:
>
> [Impact]
>
> ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
>
> The pointer cs_desc return from snd_usb_find_clock_source could
> be null, so there is a potential null pointer dereference issue.
> Fix this by adding a null check before dereference.
>
> [Fix]
>
> Oracular: not affected
> Noble: not affected
> Jammy: not affected
> Focal: backported from upstream
> Bionic: sent to ESM ML
> Xenial: sent to ESM ML
> Trusty: out of scope (medium CVE)
>
> [Test Plan]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The change occurs in the ALSA usb-audio driver. Issues might
> manifest as choppy or missing audio.
>
> Chengfeng Ye (1):
> ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
>
> sound/usb/clock.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> --
> 2.43.0
>
I agree with Ian's comment that the backport note should be a bit more
detailed, probably an explanation that you repeated the NULL check for
other invocations of snd_usb_find_clock_source*().
It's a simple diff and it's clear from it that this is what was done, so
I'm comfortable ACK'ing this.
Acked-by: Jacob Martin <jacob.martin at canonical.com>
More information about the kernel-team
mailing list