CVE-2023-52692

ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not
checking the result. Return the error if it fails rather than
continuing with an invalid value.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ALSA: scarlett2: Añadida verificación de error faltante a scarlett2_usb_set_config() scarlett2_usb_set_config() llama a scarlett2_usb_get() pero no verifica el resultado. Devuelve el error si fallo en lugar de continuar con un valor no válido.

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing with an invalid value.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/9e15fae6c51a362418f8b3054f1322c54675df94	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/51d5697e1c0380d482c3eab002bfc8d0be177e99	2024-01-25
https://git.kernel.org/stable/c/be96acd3eaa790d10a5b33e65267f52d02f6ad88	2024-01-25
https://git.kernel.org/stable/c/996fde492ad9b9563ee483b363af40d7696a8467	2024-01-25
https://git.kernel.org/stable/c/145c5aa51486171025ab47f35cff34bff8d0cea3	2024-01-25
https://git.kernel.org/stable/c/ca459dfa7d4ed9098fcf13e410963be6ae9b6bf3	2023-12-29

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.14 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.14 < 6.8"		en		Affected