CVE-2023-52806

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 13

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda: Fix possible null-ptr-deref when assigning a stream

While AudioDSP drivers assign streams exclusively of HOST or LINK type,
nothing blocks a user to attempt to assign a COUPLED stream. As
supplied substream instance may be a stub, what is the case when
code-loading, such scenario ends with null-ptr-deref.

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-05-21 16:15:18
(3 months ago)
Updated Date: 2024-05-24 01:14:20
(3 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 4.14.331 version	cpe:2.3:o:linux:linux_kernel		< 4.14.331
Linux Kernel from 4.15 version and prior 4.19.300 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.300
Linux Kernel from 4.20 version and prior 5.4.262 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.262
Linux Kernel from 5.5 version and prior 5.10.202 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.202
Linux Kernel from 5.11 version and prior 5.15.140 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.140
Linux Kernel from 5.16 version and prior 6.1.64 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.64
Linux Kernel from 6.2 version and prior 6.5.13 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.5.13
Linux Kernel from 6.6 version and prior 6.6.3 version	cpe:2.3:o:linux:linux_kernel	>= 6.6	< 6.6.3