CVE-2022-49518
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload

It is possible to craft a topology where sof_get_control_data() would do
out of bounds access because it expects that it is only called when the
payload is bytes type.
Confusingly it also handles other types of controls, but the payload
parsing implementation is only valid for bytes.

Fix the code to count the non bytes controls and instead of storing a
pointer to sof_abi_hdr in sof_widget_data (which is only valid for bytes),
store the pointer to the data itself and add a new member to save the size
of the data.

In case of non bytes controls we store the pointer to the chanv itself,
which is just an array of values at the end.

In case of bytes control, drop the wrong cdata->data (wdata[i].pdata) check
against NULL since it is incorrect and invalid in this context.
The data is pointing to the end of cdata struct, so it should never be
null.
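
The fix described above records a data pointer plus an explicit size for each control, chosen by control type, instead of assuming a bytes header. A simplified C model of that pattern follows, added here as an illustration and not the kernel patch. Every struct, function and constant name in it is hypothetical, and the length checks against the supplied buffer are an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model: every name and the magic value are hypothetical. */
enum ctrl_kind { CTRL_BYTES, CTRL_VALUES };
#define ABI_MAGIC 0x4D414749u /* constructed */
struct abi_hdr { uint32_t magic, size; uint8_t data[]; };  /* bytes only */
struct chan_val { uint32_t channel, value; };               /* non bytes */
struct widget_data { const void *pdata; size_t pdata_size; };

/* Record data pointer and size by control kind; -1 if it does not fit. */
int get_control_data(enum ctrl_kind kind, const void *payload, size_t len,
                     uint32_t num_channels, struct widget_data *w)
{
    if (kind == CTRL_BYTES) {
        const struct abi_hdr *h = payload;
        if (len < sizeof(*h) || h->magic != ABI_MAGIC ||
            h->size > len - sizeof(*h))  /* declared size must fit */
            return -1;
        w->pdata = h->data;
        w->pdata_size = h->size;
        return 0;
    }
    /* Non bytes: the data is the value array itself, no header to parse. */
    if (num_channels > len / sizeof(struct chan_val))
        return -1;
    w->pdata = payload;
    w->pdata_size = (size_t)num_channels * sizeof(struct chan_val);
    return 0;
}

/* Constructed sample payloads; uint32_t arrays keep them aligned. */
const uint32_t sample_values[] = { 0, 10, 1, 20 };  /* 2 channels */
const uint32_t sample_bytes[] = { ABI_MAGIC, 8, 0xAABBCCDDu, 0x11223344u };
const uint32_t sample_oversize[] = { ABI_MAGIC, 4096, 0 };

/* Returns the recorded data size, or -1 if the payload was rejected. */
long data_size(enum ctrl_kind kind, const void *p, size_t len, uint32_t nch)
{
    struct widget_data w = { 0 };
    return get_control_data(kind, p, len, nch, &w) ? -1L : (long)w.pdata_size;
}

int main(void)
{
    long ok = data_size(CTRL_VALUES, sample_values, sizeof(sample_values), 2);
    long bad = data_size(CTRL_BYTES, sample_values, sizeof(sample_values), 0);
    printf("as values: %ld, as bytes: %ld\n", ok, bad);
    return 0;
}
```

The same value array is accepted when handled as a non bytes control and rejected when it is parsed as a bytes header, which is the type mismatch the description attributes the out of bounds access to.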