CVE-2023-54259

EPSS 0.02%
Veröffentlicht 30.12.2025 12:15:53
Zuletzt bearbeitet 31.12.2025 20:42:43
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow

This reverts commit
443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()")

Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync().
This fixes a usage count underrun caused by doing a pm_runtime_put() even
though pm_runtime_resume_and_get() returned an error.

The three affected functions ignore -EACCES error from trying to get
pm_runtime, and carry on, including a put at the end of the function.
But pm_runtime_resume_and_get() does not increment the usage count if it
returns an error. So in the -EACCES case you must not call
pm_runtime_put().

The documentation for pm_runtime_get_sync() says:
 "Consider using pm_runtime_resume_and_get() ...  as this is likely to
 result in cleaner code."

In this case I don't think it results in cleaner code because the
pm_runtime_put() at the end of the function would have to be conditional on
the return value from pm_runtime_resume_and_get() at the top of the
function.

pm_runtime_get_sync() doesn't have this problem because it always
increments the count, so always needs a put. The code can just flow through
and do the pm_runtime_put() unconditionally.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 4e5e9da139c007dfc397a159093b4c4187ee67fa

Version 443a98e649b469b4e6a2832799853a5764ef9002

Status affected

Version < 203aa4374c433159f163acde2d0bd4118f23bbaf

Version 443a98e649b469b4e6a2832799853a5764ef9002

Status affected

Version < e9537962519e88969f5f69cd0571eb4f6984403c

Version 443a98e649b469b4e6a2832799853a5764ef9002

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.19

Status affected

Version < 5.19

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/4e5e9da139c007dfc397a159093b4c4187ee67fa

https://git.kernel.org/stable/c/203aa4374c433159f163acde2d0bd4118f23bbaf

https://git.kernel.org/stable/c/e9537962519e88969f5f69cd0571eb4f6984403c

https://nvd.nist.gov/vuln/detail/CVE-2023-54259

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54259

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54259

EUVD