In the Linux kernel, the following vulnerability has been resolved:

ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer

smatch error:
sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:
we previously assumed 'rac97' could be null (see line 2072)

remove redundant assignment, return error if rac97 is NULL.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux
  • Linux Kernel
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/09baf460dfba79ee6a0c72e68ccdbbba84d894df cve-icon cve-icon
https://git.kernel.org/stable/c/228da1fa124470606ac19783e551f9d51a1e01b0 cve-icon cve-icon
https://git.kernel.org/stable/c/300e26e3e64880de5013eac8831cf44387ef752c cve-icon cve-icon
https://git.kernel.org/stable/c/5f13d67027fa782096e6aee0db5dce61c4aeb613 cve-icon cve-icon
https://git.kernel.org/stable/c/79597c8bf64ca99eab385115743131d260339da5 cve-icon cve-icon
https://git.kernel.org/stable/c/809af7bb4219bdeef0dbb8b2ed700d6516d13fe9 cve-icon cve-icon
https://git.kernel.org/stable/c/d28b83252e150155b8b8c65b612c555e93c8b45f cve-icon cve-icon
https://git.kernel.org/stable/c/e4cccff1e7ab6ea30995b6fbbb007d02647e025c cve-icon cve-icon
https://git.kernel.org/stable/c/f923a582217b198b557756809ffe42ac0fad6adb cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53648-3c04@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53648 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53648 cve-icon
History

Wed, 08 Oct 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Wed, 08 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Low

Tue, 07 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer smatch error: sound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error: we previously assumed 'rac97' could be null (see line 2072) remove redundant assignment, return error if rac97 is NULL.
Title ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-10-07T15:19:45.780Z

Reserved: 2025-10-07T15:16:59.659Z

Link: CVE-2023-53648

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-07T16:15:48.257

Modified: 2025-10-08T19:38:09.863

Link: CVE-2023-53648

cve-icon Redhat

Severity : Low

Publid Date: 2025-10-07T00:00:00Z

Links: CVE-2023-53648 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-10-08T13:36:41Z