CVE-2023-54072

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-54072
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54072.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-54072
Downstream
Related
Published
2025-12-24T12:23:15.552Z
Modified
2026-05-15T04:07:25.369232479Z
Summary
ALSA: pcm: Fix potential data race at PCM memory allocation helpers
Details

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix potential data race at PCM memory allocation helpers

The PCM memory allocation helpers have a sanity check against too many buffer allocations. However, the check is performed without a proper lock and the allocation isn't serialized; this allows user to allocate more memories than predefined max size.

Practically seen, this isn't really a big problem, as it's more or less some "soft limit" as a sanity check, and it's not possible to allocate unlimitedly. But it's still better to address this for more consistent behavior.

The patch covers the size check in doallocpages() with the card->memory_mutex, and increases the allocated size there for preventing the further overflow. When the actual allocation fails, the size is decreased accordingly.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54072.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.10.193
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.129
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.39
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.4.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-54072.json"