| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122432-CVE-2023-54072-4a34@gregkh> Date: Wed, 24 Dec 2025 13:27:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54072: ALSA: pcm: Fix potential data race at PCM memory allocation helpers From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential data race at PCM memory allocation helpers The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size. Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not possible to allocate unlimitedly. But it's still better to address this for more consistent behavior. The patch covers the size check in do_alloc_pages() with the card->memory_mutex, and increases the allocated size there for preventing the further overflow. When the actual allocation fails, the size is decreased accordingly. The Linux kernel CVE team has assigned CVE-2023-54072 to this issue. Affected and fixed versions =========================== Fixed in 5.4.255 with commit 7e1d1456c8db9949459c5a24e8845cfe92430b0f Fixed in 5.10.193 with commit 7e11c58b2620a22c67a5ae28d64ce383890ee9f4 Fixed in 5.15.129 with commit a0ab49e7a758b488b2090171a75d50735c0876f6 Fixed in 6.1.39 with commit 3eb4e47a94e3f76521d7d344696db61e6a9619c7 Fixed in 6.4.4 with commit 773ccad902f67583a58b5650a2f8d8daf2e76fac Fixed in 6.5 with commit bd55842ed998a622ba6611fe59b3358c9f76773d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54072 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: sound/core/pcm_memory.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7e1d1456c8db9949459c5a24e8845cfe92430b0f https://git.kernel.org/stable/c/7e11c58b2620a22c67a5ae28d64ce383890ee9f4 https://git.kernel.org/stable/c/a0ab49e7a758b488b2090171a75d50735c0876f6 https://git.kernel.org/stable/c/3eb4e47a94e3f76521d7d344696db61e6a9619c7 https://git.kernel.org/stable/c/773ccad902f67583a58b5650a2f8d8daf2e76fac https://git.kernel.org/stable/c/bd55842ed998a622ba6611fe59b3358c9f76773d
Powered by blists - more mailing lists