CVE-2023-52736

ALSA: hda: Do not unset preset when cleaning up codec

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal
are re-used by ASoC codec drivers implementations. Drivers mimic the
behavior of hda_codec_driver_probe/remove() found in
sound/pci/hda/hda_bind.c with their component->probe/remove() instead. One of the reasons for that is the expectation of
snd_hda_codec_device_new() to receive a valid pointer to an instance of
struct snd_card. This expectation can be met only once sound card
components probing commences. As ASoC sound card may be unbound without codec device being actually
removed from the system, unsetting ->preset in
snd_hda_codec_cleanup_for_unbind() interferes with module unload -> load
scenario causing null-ptr-deref. Preset is assigned only once, during
device/driver matching whereas ASoC codec driver's module reloading may
occur several times throughout the lifetime of an audio stack.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: no desarmar el valor predeterminado al limpiar el códec. Varias funciones que participan en la inicialización y eliminación del códec son reutilizadas por las implementaciones de controladores de códec ASoC. Los controladores imitan el comportamiento de hda_codec_driver_probe/remove() que se encuentra en sound/pci/hda/hda_bind.c con su componente->probe/remove(). Una de las razones de esto es la expectativa de que snd_hda_codec_device_new() reciba un puntero válido a una instancia de struct snd_card. Esta expectativa sólo podrá cumplirse una vez que comience la investigación de los componentes de la tarjeta de sonido. Como la tarjeta de sonido ASoC puede desconectarse sin que el dispositivo códec se elimine realmente del sistema, desarmar ->preset en snd_hda_codec_cleanup_for_unbind() interfiere con la descarga del módulo -> escenario de carga causando null-ptr-deref. El ajuste preestablecido se asigna solo una vez, durante la coincidencia de dispositivo/controlador, mientras que la recarga del módulo del controlador del códec ASoC puede ocurrir varias veces durante la vida útil de una pila de audio.

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of hda_codec_driver_probe/remove() found in sound/pci/hda/hda_bind.c with their component->probe/remove() instead. One of the reasons for that is the expectation of snd_hda_codec_device_new() to receive a valid pointer to an instance of struct snd_card. This expectation can be met only once sound card components probing commences. As ASoC sound card may be unbound without codec device being actually removed from the system, unsetting ->preset in snd_hda_codec_cleanup_for_unbind() interferes with module unload -> load scenario causing null-ptr-deref. Preset is assigned only once, during device/driver matching whereas ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8	2023-02-22
https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668	2023-02-22
https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0	2023-02-22
https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a	2023-01-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.169 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.169"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.95 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.95"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.13 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.2 Search vendor "Linux" for product "Linux Kernel" and version " < 6.2"		en		Affected