Potential vulnerability in wcd9335_codec_enable_dec in Linux kernel through 5.1.5

Potential vulnerability in wcd9335_codec_enable_dec in Linux kernel through 5.1.5

CVE-2019-12454 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn't NUL-terminated, which is not the case

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.