CVE-2025-37889

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 09/05/2025
Last modified: 17/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: ops: Consistently treat platform_max as control value

This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates.

There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max.

Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches.
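
The two readings of platform_max described above diverge whenever the register minimum is not zero. The following is an added example, not kernel code and not part of the original advisory; the struct, the function names and the sample values are hypothetical, and it assumes the control value is the register value minus min.

```c
#include <stdio.h>

/* Simplified, hypothetical model (not the kernel's soc_mixer_control).
 * min/max are register values; control values run 0..(max - min). */
struct mixer_ctl {
    int min;          /* lowest register value */
    int max;          /* highest register value */
    int platform_max; /* limit set by the machine driver */
};

/* Control interpretation: platform_max caps the control value. */
int accept_as_control(const struct mixer_ctl *mc, int val)
{
    if (val < 0 || val > mc->max - mc->min)
        return 0;
    return val <= mc->platform_max;
}

/* Register interpretation: the tested value is shifted by +min. */
int accept_as_register(const struct mixer_ctl *mc, int val)
{
    if (val < 0 || val > mc->max - mc->min)
        return 0;
    return val + mc->min <= mc->platform_max;
}

/* Highest control value a given check lets through, or -1 if none. */
int highest_accepted(const struct mixer_ctl *mc,
                     int (*accept)(const struct mixer_ctl *, int))
{
    int best = -1;
    for (int v = 0; v <= mc->max - mc->min; v++)
        if (accept(mc, v))
            best = v;
    return best;
}

int main(void)
{
    /* Constructed samples: one positive and one negative register min. */
    struct mixer_ctl pos = { 8, 40, 20 }, neg = { -10, 10, 15 };
    printf("min=8:   control=%d register=%d\n",
           highest_accepted(&pos, accept_as_control),
           highest_accepted(&pos, accept_as_register));
    printf("min=-10: control=%d register=%d\n",
           highest_accepted(&neg, accept_as_control),
           highest_accepted(&neg, accept_as_register));
    return 0;
}
```

With a positive min the register reading caps the control lower than the machine driver asked for; with a negative min the limit never takes effect and the full range is accepted.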

Vulnerable products and versions

CPE                                                 From                 Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.15.148 (including) 5.15.180 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.1.74 (including)   6.1.132 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.6.7 (including)    6.6.84 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.7.1 (including)    6.12.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        6.13 (including)     6.13.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc8:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:*