CVE-2023-52806

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix possible null-ptr-deref when assigning a stream

While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 7de25112de8222fd20564769e6c99dc9f9738a0baffected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 758c7733cb821041f5fd403b7b97c0b95d319323affected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 2527775616f3638f4fd54649eba8c7b84d5e4250affected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 25354bae4fc310c3928e8a42fda2d486f67745d7affected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 631a96e9eb4228ff75fce7e72d133ca81194797eaffected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 43b91df291c8802268ab3cfd8fccfdf135800ed4affected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0affected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < 4a320da7f7cbdab2098b103c47f45d5061f42eddaffected
LinuxLinux14752412721c61d9ac1e8d8fb51d7148cb15f85b < f93dc90c2e8ed664985e366aa6459ac83cdab236affected
LinuxLinux4.2affected
LinuxLinux0 < 4.2unaffected
LinuxLinux4.14.331 <= 4.14.*unaffected
LinuxLinux4.19.300 <= 4.19.*unaffected
LinuxLinux5.4.262 <= 5.4.*unaffected
LinuxLinux5.10.202 <= 5.10.*unaffected
LinuxLinux5.15.140 <= 5.15.*unaffected
LinuxLinux6.1.64 <= 6.1.*unaffected
LinuxLinux6.5.13 <= 6.5.*unaffected
LinuxLinux6.6.3 <= 6.6.*unaffected
LinuxLinux6.7 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References