The vulnerability, assigned CVE-2021-47381, affects the Linux kernel's ASoC (ALSA System on Chip) driver, specifically the SOF (Sound Open Firmware) component. The issue arises from incorrect usage of the `hex_dump_to_buffer()` function and an improper stack address used in error output.
In the affected code, the `@buf` argument passed to `hex_dump_to_buffer()` is wrong, so the stack dump printed when a DSP oops occurs has faulty contents. This can result in unpredictable behavior or information leaks.
The vulnerability was introduced in kernel version 5.2 with commit e657c18a01c8 and has been fixed in versions 5.14.10 (commit a6bb576ead07) and 5.15 (commit ac4dfccb9657). The affected file is `sound/soc/sof/xtensa/core.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version, as individual changes are not tested or supported in isolation.
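The kind of indexing mistake that yields a faulty dump like this, as an added user-space illustration (not the kernel's code and not from the original page): it assumes the dump loop's index counts 32-bit words while the source pointer and the printed address are scaled inconsistently. All names (`row_buggy`, `row_fixed`, `dump_stack`, `demo`) and the sample stack are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ROW_WORDS 4u /* one row = 16 bytes = four 32-bit words */
struct row { size_t src_word; uint32_t label; }; /* word offset read, address shown */

/* Assumed defect: i counts words, yet it is scaled by 4 for the source
 * pointer (a u32 pointer) and left unscaled for the byte address label. */
static struct row row_buggy(uint32_t stack_ptr, size_t i)
{
    return (struct row){ i * 4, stack_ptr + (uint32_t)i };
}

/* Corrected: word index for the pointer, byte offset for the label. */
static struct row row_fixed(uint32_t stack_ptr, size_t i)
{
    return (struct row){ i, stack_ptr + (uint32_t)i * 4 };
}

/* Dump rows, skipping any whose source leaves the captured stack. */
static size_t dump_stack(const uint32_t *stack, size_t words, uint32_t stack_ptr,
                         struct row (*calc)(uint32_t, size_t))
{
    size_t dumped = 0;
    for (size_t i = 0; i < words; i += ROW_WORDS) {
        struct row r = calc(stack_ptr, i);
        if (r.src_word + ROW_WORDS > words) {
            printf("0x%08x: <source outside captured stack>\n", (unsigned)r.label);
            continue;
        }
        const uint32_t *w = stack + r.src_word;
        printf("0x%08x: %08x %08x %08x %08x\n", (unsigned)r.label,
               (unsigned)w[0], (unsigned)w[1], (unsigned)w[2], (unsigned)w[3]);
        dumped++;
    }
    return dumped; /* rows whose source stayed inside the captured stack */
}

/* Constructed sample: 16 words, each holding its own DSP byte address. */
static size_t demo(struct row (*calc)(uint32_t, size_t))
{
    uint32_t stack[16];
    for (size_t n = 0; n < 16; n++) stack[n] = 0x1000u + 4u * (uint32_t)n;
    return dump_stack(stack, 16, 0x1000u, calc);
}
int main(void)
{
    printf("buggy rows dumped: %zu\n", demo(row_buggy));
    printf("fixed rows dumped: %zu\n", demo(row_fixed));
    return 0;
}
```

In the corrected variant each label equals the first word of its row, which is a quick consistency check to apply to any such dump.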