In the Linux kernel, the following vulnerability has been resolved:
ASoC: ops: Consistently treat platform_max as control value
This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in sndsocput_volsw() by +min"), and makes some additional related updates.
There are two ways the platformmax could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as sndsoclimitvolume() also used the register interpretation. However, even then most of the other usages treated platformmax as a control value, and sndsoclimitvolume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating sndsocputvolsw() back to the control interpretation, and fixing sndsocinfovolswrange(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platformmax.
Finally, also add some comments to the socmixercontrol struct to hopefully avoid further patches switching between the two approaches.