-

CVE-2023-53788

EPSS 0.02%
Veröffentlicht 09.12.2025 00:00:43
Zuletzt bearbeitet 09.12.2025 18:37:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()

tuning_ctl_set() might have buffer overrun at (X) if it didn't break
from loop by matching (A).

	static int tuning_ctl_set(...)
	{
		for (i = 0; i < TUNING_CTLS_COUNT; i++)
(A)			if (nid == ca0132_tuning_ctls[i].nid)
				break;

		snd_hda_power_up(...);
(X)		dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
		snd_hda_power_down(...);                ^

		return 1;
	}

We will get below error by cppcheck

	sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
	 for (i = 0; i < TUNING_CTLS_COUNT; i++)
	 ^
	sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
	 dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
	                                           ^
This patch cares non match case.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 3590498117a11aa1f92a97e8a04d95320e347ebd

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < baef27176ea5fdc7ad0947e2dc7733855e35db71

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d23f65f08247068576a01e28b297e995b7dc3965

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 32854bc91ae7debcdefdc7ae881ed83385a04792

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 734a3deb6614e3597e7e9ef7fb6006c593c5ee18

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 98e5eb110095ec77cb6d775051d181edbf9cd3cf

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.312

Status unaffected

Version <= 4.19.*

Version 4.19.280

Status unaffected

Version <= 5.4.*

Version 5.4.240

Status unaffected

Version <= 5.10.*

Version 5.10.177

Status unaffected

Version <= 5.15.*

Version 5.15.106

Status unaffected

Version <= 6.1.*

Version 6.1.23

Status unaffected

Version <= 6.2.*

Version 6.2.10

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea

https://git.kernel.org/stable/c/3590498117a11aa1f92a97e8a04d95320e347ebd

https://git.kernel.org/stable/c/7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99

https://git.kernel.org/stable/c/baef27176ea5fdc7ad0947e2dc7733855e35db71

https://git.kernel.org/stable/c/d23f65f08247068576a01e28b297e995b7dc3965

https://git.kernel.org/stable/c/32854bc91ae7debcdefdc7ae881ed83385a04792

https://git.kernel.org/stable/c/734a3deb6614e3597e7e9ef7fb6006c593c5ee18

https://git.kernel.org/stable/c/98e5eb110095ec77cb6d775051d181edbf9cd3cf

https://nvd.nist.gov/vuln/detail/CVE-2023-53788

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53788

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53788

EUVD