Multiple invocations of prepare on the qcom q6apm-lpass-dai driver cause the driver to open audio processing graphs repeatedly, each open allocating memory that is never freed. The resulting memory leak can gradually consume system memory, especially during sustained playback or repeated device resets, leading to degraded performance or potential denial of service if resources become exhausted. The flaw does not give direct control over kernel code but can impact availability by exhausting a critical resource.

The vulnerability exists in the Linux kernel’s ASoC implementation for Qualcomm devices (Q6APM-LPASS-DAI). No specific kernel release numbers are cited, so any version that includes the affected driver code before the patch is potentially impacted. Linux is the sole product listed by the CNA, indicating all official Linux kernel releases that incorporate the driver are affected.

The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not been actively exploited in the wild. Based on the description, the likely attack vector is local, requiring that an attacker can invoke the prepare function repeatedly—this typically requires elevated privileges or direct manipulation of the audio subsystem. Exploitation would likely be non-interactive and could be performed by a compromised user process with the capability to interact with the affected audio device. The patch mitigates the issue by inserting a guard before opening the graph, thereby preventing additional open operations once one has already been performed.