CVE-2023-52680 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51
https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e
https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3
https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3
https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43
https://lore.kernel.org/linux-cve-announce/2024051750-CVE-2023-52680-1f4a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52680
https://www.cve.org/CVERecord?id=CVE-2023-52680

History

Wed, 13 Nov 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Mon, 04 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-17T14:24:44.033Z

Updated: 2024-11-04T14:51:00.345Z

Reserved: 2024-03-07T14:49:46.887Z

Link: CVE-2023-52680

Vulnrichment

Updated: 2024-08-02T23:11:35.268Z

NVD

Status : Awaiting Analysis

Published: 2024-05-17T15:15:19.280

Modified: 2024-05-17T18:35:35.070

Link: CVE-2023-52680

Redhat

Severity : Low

Publid Date: 2024-05-17T00:00:00Z

Links: CVE-2023-52680 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52680", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-07T14:49:46.887Z", "datePublished": "2024-05-17T14:24:44.033Z", "dateUpdated": "2024-11-04T14:51:00.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:51:00.345Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add missing error checks to *_ctl_get()\n\nThe *_ctl_get() functions which call scarlett2_update_*() were not\nchecking the return value. Fix to check the return value and pass to\nthe caller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/mixer_scarlett2.c"], "versions": [{"version": "9e4d5c1be21f", "lessThan": "3a09488f4f67", "status": "affected", "versionType": "git"}, {"version": "9e4d5c1be21f", "lessThan": "cda7762bea85", "status": "affected", "versionType": "git"}, {"version": "9e4d5c1be21f", "lessThan": "821fbaeaaae2", "status": "affected", "versionType": "git"}, {"version": "9e4d5c1be21f", "lessThan": "773e38f73461", "status": "affected", "versionType": "git"}, {"version": "9e4d5c1be21f", "lessThan": "50603a67daef", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/mixer_scarlett2.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.148", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.75", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.14", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.2", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51"}, {"url": "https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43"}, {"url": "https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3"}, {"url": "https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3"}, {"url": "https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e"}], "title": "ALSA: scarlett2: Add missing error checks to *_ctl_get()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T15:14:15.843412Z", "id": "CVE-2023-52680", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:14:24.298Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52680", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T15:14:15.843412Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T15:14:20.359Z"}}], "cna": {"title": "ALSA: scarlett2: Add missing error checks to *_ctl_get()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9e4d5c1be21f", "lessThan": "3a09488f4f67", "versionType": "git"}, {"status": "affected", "version": "9e4d5c1be21f", "lessThan": "cda7762bea85", "versionType": "git"}, {"status": "affected", "version": "9e4d5c1be21f", "lessThan": "821fbaeaaae2", "versionType": "git"}, {"status": "affected", "version": "9e4d5c1be21f", "lessThan": "773e38f73461", "versionType": "git"}, {"status": "affected", "version": "9e4d5c1be21f", "lessThan": "50603a67daef", "versionType": "git"}], "programFiles": ["sound/usb/mixer_scarlett2.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.148", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.75", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.14", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.2", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/usb/mixer_scarlett2.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/3a09488f4f67f7ade59b8ac62a6c7fb29439cf51"}, {"url": "https://git.kernel.org/stable/c/cda7762bea857e6951315a2f7d0632ea1850ed43"}, {"url": "https://git.kernel.org/stable/c/821fbaeaaae23d483d3df799fe91ec8045973ec3"}, {"url": "https://git.kernel.org/stable/c/773e38f73461ef2134a0d33a08f1668edde9b7c3"}, {"url": "https://git.kernel.org/stable/c/50603a67daef161c78c814580d57f7f0be57167e"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Add missing error checks to *_ctl_get()\n\nThe *_ctl_get() functions which call scarlett2_update_*() were not\nchecking the return value. Fix to check the return value and pass to\nthe caller."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:51:00.345Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52680", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:51:00.345Z", "dateReserved": "2024-03-07T14:49:46.887Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T14:24:44.033Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: ALSA: scarlett2: Add missing error checks to *_ctl_get()", "id": "2281324", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281324"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: scarlett2: Add missing error checks to *_ctl_get()\nThe *_ctl_get() functions which call scarlett2_update_*() were not\nchecking the return value. Fix to check the return value and pass to\nthe caller."], "name": "CVE-2023-52680", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52680\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52680\nhttps://lore.kernel.org/linux-cve-announce/2024051750-CVE-2023-52680-1f4a@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.148, kernel 6.1.75, kernel 6.6.14, kernel 6.7.2, kernel 6.8"}