CVE - CVE-2023-52736

CVE-ID
CVE-2023-52736	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Do not unset preset when cleaning up codec Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of hda_codec_driver_probe/remove() found in sound/pci/hda/hda_bind.c with their component->probe/remove() instead. One of the reasons for that is the expectation of snd_hda_codec_device_new() to receive a valid pointer to an instance of struct snd_card. This expectation can be met only once sound card components probing commences. As ASoC sound card may be unbound without codec device being actually removed from the system, unsetting ->preset in snd_hda_codec_cleanup_for_unbind() interferes with module unload -> load scenario causing null-ptr-deref. Preset is assigned only once, during device/driver matching whereas ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0 URL:https://git.kernel.org/stable/c/427ca2530da8dc61a42620d7113b05e187b6c2c0 MISC:https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8 URL:https://git.kernel.org/stable/c/7fc4e7191eae9d9325511e03deadfdb2224914f8 MISC:https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a URL:https://git.kernel.org/stable/c/87978e6ad45a16835cc58234451111091be3c59a MISC:https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668 URL:https://git.kernel.org/stable/c/e909f5f2aa55a8f9aa6919cce08015cb0e8d4668
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)