Message-ID: <2025100718-CVE-2023-53648-3c04@gregkh>
Date: Tue, 7 Oct 2025 17:19:53 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53648: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
smatch error:
sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:
we previously assumed 'rac97' could be null (see line 2072)
remove redundant assignment, return error if rac97 is NULL.
The Linux kernel CVE team has assigned CVE-2023-53648 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 4.14.322 with commit 809af7bb4219bdeef0dbb8b2ed700d6516d13fe9
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 4.19.291 with commit e4cccff1e7ab6ea30995b6fbbb007d02647e025c
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 5.4.251 with commit 5f13d67027fa782096e6aee0db5dce61c4aeb613
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 5.10.188 with commit f923a582217b198b557756809ffe42ac0fad6adb
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 5.15.121 with commit 300e26e3e64880de5013eac8831cf44387ef752c
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 6.1.39 with commit d28b83252e150155b8b8c65b612c555e93c8b45f
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 6.3.13 with commit 09baf460dfba79ee6a0c72e68ccdbbba84d894df
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 6.4.4 with commit 228da1fa124470606ac19783e551f9d51a1e01b0
Issue introduced in 2.6.28 with commit da3cec35dd3c31d8706db4bf379372ce70d92118 and fixed in 6.5 with commit 79597c8bf64ca99eab385115743131d260339da5
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53648
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
sound/pci/ac97/ac97_codec.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/809af7bb4219bdeef0dbb8b2ed700d6516d13fe9
https://git.kernel.org/stable/c/e4cccff1e7ab6ea30995b6fbbb007d02647e025c
https://git.kernel.org/stable/c/5f13d67027fa782096e6aee0db5dce61c4aeb613
https://git.kernel.org/stable/c/f923a582217b198b557756809ffe42ac0fad6adb
https://git.kernel.org/stable/c/300e26e3e64880de5013eac8831cf44387ef752c
https://git.kernel.org/stable/c/d28b83252e150155b8b8c65b612c555e93c8b45f
https://git.kernel.org/stable/c/09baf460dfba79ee6a0c72e68ccdbbba84d894df
https://git.kernel.org/stable/c/228da1fa124470606ac19783e551f9d51a1e01b0
https://git.kernel.org/stable/c/79597c8bf64ca99eab385115743131d260339da5
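
To check a host against the "Affected and fixed versions" list above, the following added example (not part of the announcement or of the kernel project) classifies a kernel release string. It assumes the input is an upstream stable version as printed by `uname -r`; distribution kernels may carry the fix under an older version number, and the names `parse_release` and `status` are hypothetical.

```python
import re

# Fix points copied from the advisory's "Affected and fixed versions" list:
# stable branch (major, minor) -> first patch level that carries the fix.
FIXED_IN = {
    (4, 14): 322, (4, 19): 291, (5, 4): 251, (5, 10): 188,
    (5, 15): 121, (6, 1): 39, (6, 3): 13, (6, 4): 4,
}
INTRODUCED = (2, 6, 28)  # advisory: issue introduced in 2.6.28
MAINLINE_FIX = (6, 5)    # advisory: fixed in 6.5; later branches inherit it


def parse_release(release):
    """'5.10.187-amd64' -> (5, 10, 187); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def status(release):
    """Classify an upstream kernel release against the advisory's list."""
    ver = parse_release(release)
    if ver < INTRODUCED:
        return "not affected"
    branch = ver[:2]
    if branch == MAINLINE_FIX and re.search(r"-rc\d+", release):
        # The advisory names 6.5 as fixed, not a specific release candidate.
        return "unknown, pre-release of the fixing version"
    if branch >= MAINLINE_FIX:
        return "fixed"
    if branch in FIXED_IN:
        return "fixed" if ver[2] >= FIXED_IN[branch] else "affected"
    # In the affected range, but the advisory lists no fix for this branch.
    return "affected, no fix listed for this branch"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for rel in ("5.10.187", "5.10.188-amd64", "4.9.337", "6.6.10", "2.6.27"):
        print(f"{rel:16} {status(rel)}")
```

A result of "affected" on a vendor kernel is a prompt to check that vendor's changelog for the commits listed above, not proof that the fix is missing.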