- CVE-2023-53788
- EPSS 0.03%
- Published 09.12.2025 00:00:43
- Last modified 15.04.2026 00:35:42
- Source 416baaa9-dc9f-4396-8d5f-8c081f
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
tuning_ctl_set() might have a buffer overrun at (X) if it didn't break
from the loop by matching (A).
```
static int tuning_ctl_set(...)
{
        for (i = 0; i < TUNING_CTLS_COUNT; i++)
(A)             if (nid == ca0132_tuning_ctls[i].nid)
                        break;

        snd_hda_power_up(...);
(X)     dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...);
        snd_hda_power_down(...);                ^

        return 1;
}
```
We will get the error below from cppcheck:

```
sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12
 for (i = 0; i < TUNING_CTLS_COUNT; i++)
 ^
sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds
 dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20,
                                          ^
```
This patch takes care of the non-match case.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
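The pattern described above, as an added example that is not the kernel's code or the actual patch: a search loop that can finish without a match leaves `i` equal to the table size, so the index must be checked before use. The table contents, `index_after_loop()` and `tuning_ctl_mid()` are hypothetical stand-ins; only the loop shape and the count of 12 come from the description.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for ca0132_tuning_ctls[]; the nid/mid values are
 * made up. 12 entries matches cppcheck's "i has value 12". */
struct tuning_ctl { unsigned int nid; int mid; };

#define TUNING_CTLS_COUNT 12
static const struct tuning_ctl tuning_ctls[TUNING_CTLS_COUNT] = {
	{0x100, 0x10}, {0x101, 0x11}, {0x102, 0x12}, {0x103, 0x13},
	{0x104, 0x14}, {0x105, 0x15}, {0x106, 0x16}, {0x107, 0x17},
	{0x108, 0x18}, {0x109, 0x19}, {0x10a, 0x1a}, {0x10b, 0x1b},
};

/* The search loop from the description. Returns the value of i that line
 * (X) would use as an index; it is returned rather than dereferenced so
 * this demo itself stays in bounds. */
static int index_after_loop(unsigned int nid)
{
	int i;

	for (i = 0; i < TUNING_CTLS_COUNT; i++)
		if (nid == tuning_ctls[i].nid)	/* (A) */
			break;
	return i;	/* TUNING_CTLS_COUNT when (A) never matched */
}

/* Hardened lookup (hypothetical helper): treat "no match" as an error
 * before the index is ever used. */
static int tuning_ctl_mid(unsigned int nid, int *mid)
{
	int i = index_after_loop(nid);

	if (i >= TUNING_CTLS_COUNT)
		return -EINVAL;
	*mid = tuning_ctls[i].mid;
	return 0;
}

int main(void)
{
	int mid = -1;

	printf("unknown nid -> index %d (valid: 0..%d)\n",
	       index_after_loop(0x999), TUNING_CTLS_COUNT - 1);
	printf("checked lookup -> %d\n", tuning_ctl_mid(0x999, &mid));
	return 0;
}
```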
Vendor: Linux, Product: Linux, Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | 3590498117a11aa1f92a97e8a04d95320e347ebd | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | 7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99 | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | baef27176ea5fdc7ad0947e2dc7733855e35db71 | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | d23f65f08247068576a01e28b297e995b7dc3965 | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | 32854bc91ae7debcdefdc7ae881ed83385a04792 | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | 734a3deb6614e3597e7e9ef7fb6006c593c5ee18 | affected |
| 44f0c9782cc6ab71ea947f8f710a46f2078a151c | 98e5eb110095ec77cb6d775051d181edbf9cd3cf | affected |

Vendor: Linux, Product: Linux, Default status: affected

| Version | Version < | Version <= | Status |
|---|---|---|---|
| 3.9 | | | affected |
| 0 | 3.9 | | unaffected |
| 4.14.312 | | 4.14.* | unaffected |
| 4.19.280 | | 4.19.* | unaffected |
| 5.4.240 | | 5.4.* | unaffected |
| 5.10.177 | | 5.10.* | unaffected |
| 5.15.106 | | 5.15.* | unaffected |
| 6.1.23 | | 6.1.* | unaffected |
| 6.2.10 | | 6.2.* | unaffected |
| 6.3 | | * | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.085 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|