-
CVE-2023-53275
- EPSS 0.03%
- Veröffentlicht 16.09.2025 08:11:10
- Zuletzt bearbeitet 16.09.2025 12:49:16
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often protected by the lock codec->regmap_lock when is accessed. However, it is accessed without holding the lock when is accessed in snd_hdac_regmap_sync(): if (codec->regmap) In my opinion, this may be a harmful race, because if codec->regmap is set to NULL right after the condition is checked, a null-pointer dereference can occur in the called function regcache_sync(): map->lock(map->lock_arg); --> Line 360 in drivers/base/regmap/regcache.c To fix this possible null-pointer dereference caused by data race, the mutex_lock coverage is extended to protect the if statement as well as the function call to regcache_sync(). [ Note: the lack of the regmap_lock itself is harmless for the current codec driver implementations, as snd_hdac_regmap_sync() is only for PM runtime resume that is prohibited during the codec probe. But the change makes the whole code more consistent, so it's merged as is -- tiwai ]
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
109f0aaa0b8838a88af9125b79579023539300a7
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
9f9eed451176ffcac6b5ba0f6dae1a6b4a1cb0eb
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
8703b26387e1fa4f8749db98d24c67617b873acb
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
cdd412b528dee6e0851c4735d6676ec138da13a4
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
b32e40379e5b2814de0c4bc199edc2d82317dc07
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
1f4a08fed450db87fbb5ff5105354158bdbe1a22
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version <=
5.4.*
Version
5.4.255
Status
unaffected
Version <=
5.10.*
Version
5.10.192
Status
unaffected
Version <=
5.15.*
Version
5.15.128
Status
unaffected
Version <=
6.1.*
Version
6.1.47
Status
unaffected
Version <=
6.4.*
Version
6.4.12
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.078 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|