7.8

CVE-2023-52988

ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

snd_hda_get_connections() can return a negative error code.
It may lead to accessing 'conn' array at a negative index.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.1 < 4.14.306
LinuxLinux Kernel Version >= 4.15 < 4.19.273
LinuxLinux Kernel Version >= 4.20 < 5.4.232
LinuxLinux Kernel Version >= 5.5 < 5.10.168
LinuxLinux Kernel Version >= 5.11 < 5.15.93
LinuxLinux Kernel Version >= 5.16 < 6.1.11
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
LinuxLinux Kernel Version6.2 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.174
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/437e50ef6290ac835d526d0e45f466a0aa69ba1b
Patch
https://git.kernel.org/stable/c/6e1f586ddec48d71016b81acf68ba9f49ca54db8
Patch
https://git.kernel.org/stable/c/d6870f3800dbb212ae8433183ee82f566d067c6c
Patch
https://git.kernel.org/stable/c/2b557fa635e7487f638c0f030c305870839eeda2
Patch
https://git.kernel.org/stable/c/1b9256c96220bcdba287eeeb90e7c910c77f8c46
Patch
https://git.kernel.org/stable/c/f011360ad234a07cb6fbcc720fff646a93a9f0d6
Patch
https://git.kernel.org/stable/c/b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa
Patch