CVE-2023-52697 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-52697

CVE-2023-52697

May 17, 2024

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL sof_sdw_rt_sdca_jack_exit() are used by different codecs, and some of them use the same dai name. For example, rt712 and rt713 both use "rt712-sdca-aif1" and sof_sdw_rt_sdca_jack_exit(). As a result, sof_sdw_rt_sdca_jack_exit() will be called twice by mc_dailink_exit_loop(). Set ctx->headset_codec_dev = NULL; after put_device(ctx->headset_codec_dev); to avoid ctx->headset_codec_dev being put twice.

Related Resources (6)

https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52697.json

https://git.kernel.org/stable/c/582231a8c4f73ac153493687ecc1bed853e9c9ef

https://git.kernel.org/stable/c/a410d58117d6da4b7d41f3c91365f191d006bc3d

https://nvd.nist.gov/vuln/detail/CVE-2023-52697

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

https://git.kernel.org/stable/c/e38e252dbceeef7d2f848017132efd68e9ae1416

Do you need more information?

CVSS v4

Base Score:

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools