cve-2023-52736
Vulnerability from cvelistv5
Published
2024-05-21 15:23
Modified
2024-12-19 08:24
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of hda_codec_driver_probe/remove() found in sound/pci/hda/hda_bind.c with their component->probe/remove() instead. One of the reasons for that is the expectation of snd_hda_codec_device_new() to receive a valid pointer to an instance of struct snd_card. This expectation can be met only once sound card components probing commences. As ASoC sound card may be unbound without codec device being actually removed from the system, unsetting ->preset in snd_hda_codec_cleanup_for_unbind() interferes with module unload -> load scenario causing null-ptr-deref. Preset is assigned only once, during device/driver matching whereas ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack.
Impacted products
Vendor Product Version
Linux Linux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52736",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:37:05.495763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:37:38.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/hda/hda_bind.c",
            "sound/pci/hda/hda_codec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7fc4e7191eae9d9325511e03deadfdb2224914f8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e909f5f2aa55a8f9aa6919cce08015cb0e8d4668",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "427ca2530da8dc61a42620d7113b05e187b6c2c0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "87978e6ad45a16835cc58234451111091be3c59a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/hda/hda_bind.c",
            "sound/pci/hda/hda_codec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Do not unset preset when cleaning up codec\n\nSeveral functions that take part in codec\u0027s initialization and removal\nare re-used by ASoC codec drivers implementations. Drivers mimic the\nbehavior of hda_codec_driver_probe/remove() found in\nsound/pci/hda/hda_bind.c with their component-\u003eprobe/remove() instead.\n\nOne of the reasons for that is the expectation of\nsnd_hda_codec_device_new() to receive a valid pointer to an instance of\nstruct snd_card. This expectation can be met only once sound card\ncomponents probing commences.\n\nAs ASoC sound card may be unbound without codec device being actually\nremoved from the system, unsetting -\u003epreset in\nsnd_hda_codec_cleanup_for_unbind() interferes with module unload -\u003e load\nscenario causing null-ptr-deref. Preset is assigned only once, during\ndevice/driver matching whereas ASoC codec driver\u0027s module reloading may\noccur several times throughout the lifetime of an audio stack."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:24:41.530Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
        },
        {
          "url": "https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a"
        }
      ],
      "title": "ALSA: hda: Do not unset preset when cleaning up codec",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52736",
    "datePublished": "2024-05-21T15:23:00.572Z",
    "dateReserved": "2024-05-21T15:19:24.232Z",
    "dateUpdated": "2024-12-19T08:24:41.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52736\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:13.597\",\"lastModified\":\"2024-11-21T08:40:28.620\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nALSA: hda: Do not unset preset when cleaning up codec\\n\\nSeveral functions that take part in codec\u0027s initialization and removal\\nare re-used by ASoC codec drivers implementations. Drivers mimic the\\nbehavior of hda_codec_driver_probe/remove() found in\\nsound/pci/hda/hda_bind.c with their component-\u003eprobe/remove() instead.\\n\\nOne of the reasons for that is the expectation of\\nsnd_hda_codec_device_new() to receive a valid pointer to an instance of\\nstruct snd_card. This expectation can be met only once sound card\\ncomponents probing commences.\\n\\nAs ASoC sound card may be unbound without codec device being actually\\nremoved from the system, unsetting -\u003epreset in\\nsnd_hda_codec_cleanup_for_unbind() interferes with module unload -\u003e load\\nscenario causing null-ptr-deref. Preset is assigned only once, during\\ndevice/driver matching whereas ASoC codec driver\u0027s module reloading may\\noccur several times throughout the lifetime of an audio stack.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: no desarmar el valor predeterminado al limpiar el c\u00f3dec. Varias funciones que participan en la inicializaci\u00f3n y eliminaci\u00f3n del c\u00f3dec son reutilizadas por las implementaciones de controladores de c\u00f3dec ASoC. Los controladores imitan el comportamiento de hda_codec_driver_probe/remove() que se encuentra en sound/pci/hda/hda_bind.c con su componente-\u0026gt;probe/remove(). Una de las razones de esto es la expectativa de que snd_hda_codec_device_new() reciba un puntero v\u00e1lido a una instancia de struct snd_card. Esta expectativa s\u00f3lo podr\u00e1 cumplirse una vez que comience la investigaci\u00f3n de los componentes de la tarjeta de sonido. Como la tarjeta de sonido ASoC puede desconectarse sin que el dispositivo c\u00f3dec se elimine realmente del sistema, desarmar -\u0026gt;preset en snd_hda_codec_cleanup_for_unbind() interfiere con la descarga del m\u00f3dulo -\u0026gt; escenario de carga causando null-ptr-deref. El ajuste preestablecido se asigna solo una vez, durante la coincidencia de dispositivo/controlador, mientras que la recarga del m\u00f3dulo del controlador del c\u00f3dec ASoC puede ocurrir varias veces durante la vida \u00fatil de una pila de audio.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.