CVE-2023-52663

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak.

Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf7da88003c53cf0eedabe609324a047b1921dfcc < 88028c45d5871dfc449b2b0a27abf6428453a5ecaffected
LinuxLinuxf7da88003c53cf0eedabe609324a047b1921dfcc < be4760799c6a7c01184467287f0de41e0dd255f8affected
LinuxLinuxf7da88003c53cf0eedabe609324a047b1921dfcc < 7296152e58858f928db448826eb7ba5ae611297baffected
LinuxLinuxf7da88003c53cf0eedabe609324a047b1921dfcc < 222be59e5eed1554119294edc743ee548c2371d0affected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References