CVE-2023-52674

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[].

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9e4d5c1be21f0c00e747e92186784f3298309b3e < e517645ead5ea22c69d2a44694baa23fe1ce7c2baffected
LinuxLinux9e4d5c1be21f0c00e747e92186784f3298309b3e < d8d8897d65061cbe36bf2909057338303a904810affected
LinuxLinux9e4d5c1be21f0c00e747e92186784f3298309b3e < 03035872e17897ba89866940bbc9cefca601e572affected
LinuxLinux9e4d5c1be21f0c00e747e92186784f3298309b3e < ad945ea8d47dd4454c271510bea24850119847c2affected
LinuxLinux9e4d5c1be21f0c00e747e92186784f3298309b3e < 04f8f053252b86c7583895c962d66747ecdc61b7affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.15.148 <= 5.15.*unaffected
LinuxLinux6.1.75 <= 6.1.*unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References