CVE-2023-53607

Source
https://cve.org/CVERecord?id=CVE-2023-53607
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53607.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53607
Downstream
Related
Published
2025-10-04T15:44:16.598Z
Modified
2026-03-20T12:33:15.601678Z
Summary
ALSA: ymfpci: Fix BUG_ON in probe function
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: ymfpci: Fix BUG_ON in probe function

The snd_dma_buffer.bytes field now contains the aligned size, which this snd_BUG_ON() did not account for, resulting in the following:

[ 9.625915] ------------[ cut here ]------------
[ 9.633440] WARNING: CPU: 0 PID: 126 at sound/pci/ymfpci/ymfpci_main.c:2168 snd_ymfpci_create+0x681/0x698 [snd_ymfpci]
[ 9.648926] Modules linked in: snd_ymfpci(+) snd_intel_dspcfg kvm(+) snd_intel_sdw_acpi snd_ac97_codec snd_mpu401_uart snd_opl3_lib irqbypass snd_hda_codec gameport snd_rawmidi crct10dif_pclmul crc32_pclmul cfg80211 snd_hda_core polyval_clmulni polyval_generic gf128mul snd_seq_device ghash_clmulni_intel snd_hwdep ac97_bus sha512_ssse3 rfkill snd_pcm aesni_intel tg3 snd_timer crypto_simd snd mxm_wmi libphy cryptd k10temp fam15h_power pcspkr soundcore sp5100_tco wmi acpi_cpufreq mac_hid dm_multipath sg loop fuse dm_mod bpf_preload ip_tables x_tables ext4 crc32c_generic crc16 mbcache jbd2 sr_mod cdrom ata_generic pata_acpi firewire_ohci crc32c_intel firewire_core xhci_pci crc_itu_t pata_via xhci_pci_renesas floppy
[ 9.711849] CPU: 0 PID: 126 Comm: kworker/0:2 Not tainted 6.1.21-1-lts #1 08d2e5ece03136efa7c6aeea9a9c40916b1bd8da
[ 9.722200] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./990FX Extreme4, BIOS P2.70 06/05/2014
[ 9.732204] Workqueue: events work_for_cpu_fn
[ 9.736580] RIP: 0010:snd_ymfpci_create+0x681/0x698 [snd_ymfpci]
[ 9.742594] Code: 8c c0 4c 89 e2 48 89 df 48 c7 c6 92 c6 8c c0 e8 15 d0 e9 ff 48 83 c4 08 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d3 7a 33 e3 <0f> 0b e9 cb fd ff ff 41 bd fb ff ff ff eb db 41 bd f4 ff ff ff eb
[ 9.761358] RSP: 0018:ffffab64804e7da0 EFLAGS: 00010287
[ 9.766594] RAX: ffff8fa2df06c400 RBX: ffff8fa3073a8000 RCX: ffff8fa303fbc4a8
[ 9.773734] RDX: ffff8fa2df06d000 RSI: 0000000000000010 RDI: 0000000000000020
[ 9.780876] RBP: ffff8fa300b5d0d0 R08: ffff8fa3073a8e50 R09: 00000000df06bf00
[ 9.788018] R10: ffff8fa2df06bf00 R11: 00000000df068200 R12: ffff8fa3073a8918
[ 9.795159] R13: 0000000000000000 R14: 0000000000000080 R15: ffff8fa2df068200
[ 9.802317] FS: 0000000000000000(0000) GS:ffff8fa9fec00000(0000) knlGS:0000000000000000
[ 9.810414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9.816158] CR2: 000055febaf66500 CR3: 0000000101a2e000 CR4: 00000000000406f0
[ 9.823301] Call Trace:
[ 9.825747] <TASK>
[ 9.827889] snd_card_ymfpci_probe+0x194/0x950 [snd_ymfpci b78a5fe64b5663a6390a909c67808567e3e73615]
[ 9.837030] ? finish_task_switch.isra.0+0x90/0x2d0
[ 9.841918] local_pci_probe+0x45/0x80
[ 9.845680] work_for_cpu_fn+0x1a/0x30
[ 9.849431] process_one_work+0x1c7/0x380
[ 9.853464] worker_thread+0x1af/0x390
[ 9.857225] ? rescuer_thread+0x3b0/0x3b0
[ 9.861254] kthread+0xde/0x110
[ 9.864414] ? kthread_complete_and_exit+0x20/0x20
[ 9.869210] ret_from_fork+0x22/0x30
[ 9.872792] </TASK>
[ 9.874985] ---[ end trace 0000000000000000 ]---

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53607.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4faf4bbc2d600a921052ff45b1b5914d583d9046
Fixed
96e34c88000febc83e41aa7db0b0a41676314818
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5c1733e33c888a3cb7f576564d8ad543d5ad4a9e
Fixed
81d2a7e93c8322ca6b858f6736d7fc3d034e6c23
Fixed
32b9bd7cfc2e2d92d595386add4e111b232b351f
Fixed
d0217b09910c081b6471181345ea5b24025edf51
Fixed
6be2e7522eb529b41c16d459f33bbdbcddbf5c15
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f52ac912c14c5bf426c0f9e0c6236dbcdf61664e
Last affected
19241a56c5d6e74b32b1fbb1bd3ba7edef421f16
Last affected
05243cf88f7fa5e9dd5659399bc9307ff3fb675f
Last affected
015af30d373d33548c9afcffbbaaf266459731de

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53607.json"