Lucene search

Redhat.comRH:CVE-2023-52806

HistoryMay 23, 2024 - 11:11 a.m.

CVE-2023-52806

2024-05-2311:11:26

redhat.com

access.redhat.com

linux kernel

alsa

hda

null-ptr-deref

vulnerability

mitigation

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref.

References

bugzilla.redhat.com/show_bug.cgi?id=2282753

lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52806-e9ee@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2023-52806

www.cve.org/CVERecord?id=CVE-2023-52806

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2023-52806