CVE-2023-53607

EPSS 0.02%
Veröffentlicht 04.10.2025 15:44:16
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: ymfpci: Fix BUG_ON in probe function

The snd_dma_buffer.bytes field now contains the aligned size, which this
snd_BUG_ON() did not account for, resulting in the following:

[    9.625915] ------------[ cut here ]------------
[    9.633440] WARNING: CPU: 0 PID: 126 at sound/pci/ymfpci/ymfpci_main.c:2168 snd_ymfpci_create+0x681/0x698 [snd_ymfpci]
[    9.648926] Modules linked in: snd_ymfpci(+) snd_intel_dspcfg kvm(+) snd_intel_sdw_acpi snd_ac97_codec snd_mpu401_uart snd_opl3_lib irqbypass snd_hda_codec gameport snd_rawmidi crct10dif_pclmul crc32_pclmul cfg80211 snd_hda_core polyval_clmulni polyval_generic gf128mul snd_seq_device ghash_clmulni_intel snd_hwdep ac97_bus sha512_ssse3 rfkill snd_pcm aesni_intel tg3 snd_timer crypto_simd snd mxm_wmi libphy cryptd k10temp fam15h_power pcspkr soundcore sp5100_tco wmi acpi_cpufreq mac_hid dm_multipath sg loop fuse dm_mod bpf_preload ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi firewire_ohci crc32c_intel firewire_core xhci_pci crc_itu_t pata_via xhci_pci_renesas floppy
[    9.711849] CPU: 0 PID: 126 Comm: kworker/0:2 Not tainted 6.1.21-1-lts #1 08d2e5ece03136efa7c6aeea9a9c40916b1bd8da
[    9.722200] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./990FX Extreme4, BIOS P2.70 06/05/2014
[    9.732204] Workqueue: events work_for_cpu_fn
[    9.736580] RIP: 0010:snd_ymfpci_create+0x681/0x698 [snd_ymfpci]
[    9.742594] Code: 8c c0 4c 89 e2 48 89 df 48 c7 c6 92 c6 8c c0 e8 15 d0 e9 ff 48 83 c4 08 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d3 7a 33 e3 <0f> 0b e9 cb fd ff ff 41 bd fb ff ff ff eb db 41 bd f4 ff ff ff eb
[    9.761358] RSP: 0018:ffffab64804e7da0 EFLAGS: 00010287
[    9.766594] RAX: ffff8fa2df06c400 RBX: ffff8fa3073a8000 RCX: ffff8fa303fbc4a8
[    9.773734] RDX: ffff8fa2df06d000 RSI: 0000000000000010 RDI: 0000000000000020
[    9.780876] RBP: ffff8fa300b5d0d0 R08: ffff8fa3073a8e50 R09: 00000000df06bf00
[    9.788018] R10: ffff8fa2df06bf00 R11: 00000000df068200 R12: ffff8fa3073a8918
[    9.795159] R13: 0000000000000000 R14: 0000000000000080 R15: ffff8fa2df068200
[    9.802317] FS:  0000000000000000(0000) GS:ffff8fa9fec00000(0000) knlGS:0000000000000000
[    9.810414] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    9.816158] CR2: 000055febaf66500 CR3: 0000000101a2e000 CR4: 00000000000406f0
[    9.823301] Call Trace:
[    9.825747]  <TASK>
[    9.827889]  snd_card_ymfpci_probe+0x194/0x950 [snd_ymfpci b78a5fe64b5663a6390a909c67808567e3e73615]
[    9.837030]  ? finish_task_switch.isra.0+0x90/0x2d0
[    9.841918]  local_pci_probe+0x45/0x80
[    9.845680]  work_for_cpu_fn+0x1a/0x30
[    9.849431]  process_one_work+0x1c7/0x380
[    9.853464]  worker_thread+0x1af/0x390
[    9.857225]  ? rescuer_thread+0x3b0/0x3b0
[    9.861254]  kthread+0xde/0x110
[    9.864414]  ? kthread_complete_and_exit+0x20/0x20
[    9.869210]  ret_from_fork+0x22/0x30
[    9.872792]  </TASK>
[    9.874985] ---[ end trace 0000000000000000 ]---

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 96e34c88000febc83e41aa7db0b0a41676314818

Version 4faf4bbc2d600a921052ff45b1b5914d583d9046

Status affected

Version < 81d2a7e93c8322ca6b858f6736d7fc3d034e6c23

Version 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e

Status affected

Version < 32b9bd7cfc2e2d92d595386add4e111b232b351f

Version 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e

Status affected

Version < d0217b09910c081b6471181345ea5b24025edf51

Version 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e

Status affected

Version < 6be2e7522eb529b41c16d459f33bbdbcddbf5c15

Version 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e

Status affected

Version f52ac912c14c5bf426c0f9e0c6236dbcdf61664e

Status affected

Version 19241a56c5d6e74b32b1fbb1bd3ba7edef421f16

Status affected

Version 05243cf88f7fa5e9dd5659399bc9307ff3fb675f

Status affected

Version 015af30d373d33548c9afcffbbaaf266459731de

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.11

Status affected

Version < 5.11

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.177

Status unaffected

Version <= 5.15.*

Version 5.15.106

Status unaffected

Version <= 6.1.*

Version 6.1.23

Status unaffected

Version <= 6.2.*

Version 6.2.10

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/96e34c88000febc83e41aa7db0b0a41676314818

https://git.kernel.org/stable/c/81d2a7e93c8322ca6b858f6736d7fc3d034e6c23

https://git.kernel.org/stable/c/32b9bd7cfc2e2d92d595386add4e111b232b351f

https://git.kernel.org/stable/c/d0217b09910c081b6471181345ea5b24025edf51

https://git.kernel.org/stable/c/6be2e7522eb529b41c16d459f33bbdbcddbf5c15

https://nvd.nist.gov/vuln/detail/CVE-2023-53607

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53607

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53607

EUVD