{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52904", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T06:07:11.014Z", "datePublished": "2024-08-21T06:10:44.960Z", "dateUpdated": "2025-05-04T07:45:43.772Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:45:43.772Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/pcm.c"], "versions": [{"version": "bfd36b1d1869859af7ba94dc95ec05e74f40d0b7", "lessThan": "f57204edc10760c935d8d36ea999dc8acf018030", "status": "affected", "versionType": "git"}, {"version": "e1e0a181aea375edfae2f9a59070f95d904980d1", "lessThan": "a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8", "status": "affected", "versionType": "git"}, {"version": "291e9da91403e0e628d7692b5ed505100e7b7706", "lessThan": "92a9c0ad86d47ff4cce899012e355c400f02cfb8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/usb/pcm.c"], "versions": [{"version": "5.15.152", "lessThan": "5.15.168", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.152", "versionEndExcluding": "5.15.168"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"}, {"url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"}, {"url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"}], "title": "ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52904", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:03:17.931881Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:17.251Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52904", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:03:17.931881Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.736Z"}}], "cna": {"title": "ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "bfd36b1d1869859af7ba94dc95ec05e74f40d0b7", "lessThan": "f57204edc10760c935d8d36ea999dc8acf018030", "versionType": "git"}, {"status": "affected", "version": "e1e0a181aea375edfae2f9a59070f95d904980d1", "lessThan": "a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8", "versionType": "git"}, {"status": "affected", "version": "291e9da91403e0e628d7692b5ed505100e7b7706", "lessThan": "92a9c0ad86d47ff4cce899012e355c400f02cfb8", "versionType": "git"}], "programFiles": ["sound/usb/pcm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15.152", "lessThan": "5.15.168", "versionType": "semver"}], "programFiles": ["sound/usb/pcm.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"}, {"url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"}, {"url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.15.152"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:45:43.772Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52904", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:45:43.772Z", "dateReserved": "2024-08-21T06:07:11.014Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-21T06:10:44.960Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\n\nThe subs function argument may be NULL, so do not use it before the NULL check."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige la posible desreferencia del puntero NULL en snd_usb_pcm_has_fixed_rate() El argumento de la funci\u00f3n subs puede ser NULL, as\u00ed que no lo use antes de la verificaci\u00f3n NULL."}], "id": "CVE-2023-52904", "lastModified": "2024-10-17T14:15:04.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-08-21T07:15:06.540", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92a9c0ad86d47ff4cce899012e355c400f02cfb8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a474d4ad59cd4642d1b7e3a6c08cef9eca0992c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f57204edc10760c935d8d36ea999dc8acf018030"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()", "id": "2306432", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306432"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()\nThe subs function argument may be NULL, so do not use it before the NULL check.", "A vulnerability was found in the snd_usb_pcm_has_fixed_rate() function in the Linux Kernel's Advanced Linux Sound Architecture (ALSA) subsystem for USB audio. This issue could allow an attacker with local access and low privileges to manipulate the audio subsystem by interacting with USB audio devices or crafting specific audio-related function calls that pass a NULL pointer to the vulnerable function. This could cause a NULL pointer dereference in the ALSA subsystem, leading to a kernel panic, requiring a system restart to recover."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52904", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52904\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52904\nhttps://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52904-b85a@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Low"}

{}