CVE-2023-52988

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < 437e50ef6290ac835d526d0e45f466a0aa69ba1baffected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < 6e1f586ddec48d71016b81acf68ba9f49ca54db8affected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < d6870f3800dbb212ae8433183ee82f566d067c6caffected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < 2b557fa635e7487f638c0f030c305870839eeda2affected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < 1b9256c96220bcdba287eeeb90e7c910c77f8c46affected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < f011360ad234a07cb6fbcc720fff646a93a9f0d6affected
LinuxLinux30b4503378c976cf66201a1e81820519f6bd79ac < b9cee506da2b7920b5ea02ccd8e78a907d0ee7aaaffected
LinuxLinux3.1affected
LinuxLinux0 < 3.1unaffected
LinuxLinux4.14.306 <= 4.14.*unaffected
LinuxLinux4.19.273 <= 4.19.*unaffected
LinuxLinux5.4.232 <= 5.4.*unaffected
LinuxLinux5.10.168 <= 5.10.*unaffected
LinuxLinux5.15.93 <= 5.15.*unaffected
LinuxLinux6.1.11 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References