CVE-2023-52806

While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52806.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

14752412721c61d9ac1e8d8fb51d7148cb15f85b

Fixed

7de25112de8222fd20564769e6c99dc9f9738a0b

Fixed

758c7733cb821041f5fd403b7b97c0b95d319323

Fixed

2527775616f3638f4fd54649eba8c7b84d5e4250

Fixed

25354bae4fc310c3928e8a42fda2d486f67745d7

Fixed

631a96e9eb4228ff75fce7e72d133ca81194797e

Fixed

43b91df291c8802268ab3cfd8fccfdf135800ed4

Fixed

fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0

Fixed

4a320da7f7cbdab2098b103c47f45d5061f42edd

Fixed

f93dc90c2e8ed664985e366aa6459ac83cdab236

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52806.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.14.331

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.300

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.262

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.202

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.140

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.64

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.5.13

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52806.json"