| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024051750-CVE-2023-52680-1f4a@gregkh> Date: Fri, 17 May 2024 16:26:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2023-52680: ALSA: scarlett2: Add missing error checks to *_ctl_get() Description =========== In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller. The Linux kernel CVE team has assigned CVE-2023-52680 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit 9e4d5c1be21f and fixed in 5.15.148 with commit 3a09488f4f67 Issue introduced in 5.4 with commit 9e4d5c1be21f and fixed in 6.1.75 with commit cda7762bea85 Issue introduced in 5.4 with commit 9e4d5c1be21f and fixed in 6.6.14 with commit 821fbaeaaae2 Issue introduced in 5.4 with commit 9e4d5c1be21f and fixed in 6.7.2 with commit 773e38f73461 Issue introduced in 5.4 with commit 9e4d5c1be21f and fixed in 6.8 with commit 50603a67daef Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-52680 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/usb/mixer_scarlett2.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51 https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43 https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3 https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3 https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e
Powered by blists - more mailing lists