CVE-2023-53275

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()

The variable codec->regmap is often protected by the lock codec->regmap_lock when is accessed. However, it is accessed without holding the lock when is accessed in snd_hdac_regmap_sync():

if (codec->regmap)

In my opinion, this may be a harmful race, because if codec->regmap is set to NULL right after the condition is checked, a null-pointer dereference can occur in the called function regcache_sync():

map->lock(map->lock_arg); –> Line 360 in drivers/base/regmap/regcache.c

To fix this possible null-pointer dereference caused by data race, the mutex_lock coverage is extended to protect the if statement as well as the function call to regcache_sync().

[ Note: the lack of the regmap_lock itself is harmless for the current codec driver implementations, as snd_hdac_regmap_sync() is only for PM runtime resume that is prohibited during the codec probe. But the change makes the whole code more consistent, so it's merged as is – tiwai ]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux69d5dc286d05441ca2f854ae8df11201f6f9b706 < 109f0aaa0b8838a88af9125b79579023539300a7affected
LinuxLinux1a462be52f4505a2719631fb5aa7bfdbd37bfd8d < 9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0ebaffected
LinuxLinux1a462be52f4505a2719631fb5aa7bfdbd37bfd8d < 8703b26387e1fa4f8749db98d24c67617b873acbaffected
LinuxLinux1a462be52f4505a2719631fb5aa7bfdbd37bfd8d < cdd412b528dee6e0851c4735d6676ec138da13a4affected
LinuxLinux1a462be52f4505a2719631fb5aa7bfdbd37bfd8d < b32e40379e5b2814de0c4bc199edc2d82317dc07affected
LinuxLinux1a462be52f4505a2719631fb5aa7bfdbd37bfd8d < 1f4a08fed450db87fbb5ff5105354158bdbe1a22affected
LinuxLinux5.4.43 < 5.4.255affected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux5.4.255 <= 5.4.*unaffected
LinuxLinux5.10.192 <= 5.10.*unaffected
LinuxLinux5.15.128 <= 5.15.*unaffected
LinuxLinux6.1.47 <= 6.1.*unaffected
LinuxLinux6.4.12 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References