CVE-2023-52988

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52988
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52988.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52988
Downstream
Related
Published
2025-03-27T16:43:25.056Z
Modified
2026-03-12T03:27:53.370295Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: hda/via: Avoid potential array out-of-bound in addsecretdac_path()

sndhdaget_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52988.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
30b4503378c976cf66201a1e81820519f6bd79ac
Fixed
437e50ef6290ac835d526d0e45f466a0aa69ba1b
Fixed
6e1f586ddec48d71016b81acf68ba9f49ca54db8
Fixed
d6870f3800dbb212ae8433183ee82f566d067c6c
Fixed
2b557fa635e7487f638c0f030c305870839eeda2
Fixed
1b9256c96220bcdba287eeeb90e7c910c77f8c46
Fixed
f011360ad234a07cb6fbcc720fff646a93a9f0d6
Fixed
b9cee506da2b7920b5ea02ccd8e78a907d0ee7aa

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52988.json"