{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52806", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T15:19:24.247Z", "datePublished": "2024-05-21T15:31:17.025Z", "dateUpdated": "2024-09-11T17:32:54.863Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:17:42.574Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/hda/hdac_stream.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "7de25112de82", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "758c7733cb82", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "2527775616f3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "25354bae4fc3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "631a96e9eb42", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "43b91df291c8", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "fe7c1a0c2b25", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "4a320da7f7cb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f93dc90c2e8e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/hda/hdac_stream.c"], "versions": [{"version": "4.14.331", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.300", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.262", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.202", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.140", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.64", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.5.13", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.3", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"}, {"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"}, {"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"}, {"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"}, {"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"}, {"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"}, {"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"}, {"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"}, {"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"}], "title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.085Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:36:47.089606Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:54.863Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:36.085Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:36:47.089606Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.390Z"}}], "cna": {"title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "7de25112de82", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "758c7733cb82", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "2527775616f3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "25354bae4fc3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "631a96e9eb42", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "43b91df291c8", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "fe7c1a0c2b25", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "4a320da7f7cb", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f93dc90c2e8e", "versionType": "git"}], "programFiles": ["sound/hda/hdac_stream.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.14.331", "versionType": "custom", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.300", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.262", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.202", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.140", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.64", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.13", "versionType": "custom", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6.3", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/hda/hdac_stream.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"}, {"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"}, {"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"}, {"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"}, {"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"}, {"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"}, {"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"}, {"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"}, {"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:17:42.574Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52806", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:32:54.863Z", "dateReserved": "2024-05-21T15:19:24.247Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:31:17.025Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F120ED7-3012-4856-9F08-B433BC310335", "versionEndExcluding": "4.14.331", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C99DDB75-1CAC-40D0-A14D-67A2A55D6005", "versionEndExcluding": "4.19.300", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "28B0AAED-45BA-4928-9A85-66A429B9F038", "versionEndExcluding": "5.4.262", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D508B4-58C7-40C2-BE05-44E41110EB98", "versionEndExcluding": "5.10.202", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15D6C23C-78A3-40D2-B76B-4F1D9C2D95C0", "versionEndExcluding": "5.15.140", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7C884A-CAA2-4EA2-9FEB-5CE776D7B05F", "versionEndExcluding": "6.1.64", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4", "versionEndExcluding": "6.5.13", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: hda: Corrige posible null-ptr-deref al asignar un flujo. Si bien los controladores AudioDSP asignan flujos exclusivamente de tipo HOST o LINK, nada impide que un usuario intente asignar un flujo ACOPLADO. Como la instancia de subsecuencia proporcionada puede ser un c\u00f3digo auxiliar, cu\u00e1l es el caso cuando se carga el c\u00f3digo, dicho escenario termina con null-ptr-deref."}], "id": "CVE-2023-52806", "lastModified": "2024-05-24T01:14:20.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T16:15:18.963", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: hda: Fix possible null-ptr-deref when assigning a stream", "id": "2282753", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282753"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."], "name": "CVE-2023-52806", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52806\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52806\nhttps://lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52806-e9ee@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 4.14.331, kernel 4.19.300, kernel 5.4.262, kernel 5.10.202, kernel 5.15.140, kernel 6.1.64, kernel 6.5.13, kernel 6.6.3, kernel 6.7"}