In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Do not unset preset when cleaning up codec
Several functions that take part in codec's initialization and removal are re-used by ASoC codec drivers implementations. Drivers mimic the behavior of hdacodecdriverprobe/remove() found in sound/pci/hda/hdabind.c with their component->probe/remove() instead.
One of the reasons for that is the expectation of sndhdacodecdevicenew() to receive a valid pointer to an instance of struct snd_card. This expectation can be met only once sound card components probing commences.
As ASoC sound card may be unbound without codec device being actually removed from the system, unsetting ->preset in sndhdacodeccleanupfor_unbind() interferes with module unload -> load scenario causing null-ptr-deref. Preset is assigned only once, during device/driver matching whereas ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack.
[
{
"id": "CVE-2023-52736-012d6b1f",
"deprecated": false,
"digest": {
"length": 588.0,
"function_hash": "186838402678180172851933339937951760218"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_remove",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
},
{
"id": "CVE-2023-52736-02ac0362",
"deprecated": false,
"digest": {
"length": 1209.0,
"function_hash": "289594479213676934870168285674712601126"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_probe",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87978e6ad45a16835cc58234451111091be3c59a"
},
{
"id": "CVE-2023-52736-09ec5dcf",
"deprecated": false,
"digest": {
"length": 824.0,
"function_hash": "202157028142570901069707467747433513821"
},
"signature_version": "v1",
"target": {
"function": "snd_hda_codec_cleanup_for_unbind",
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fc4e7191eae9d9325511e03deadfdb2224914f8"
},
{
"id": "CVE-2023-52736-10fd28cd",
"deprecated": false,
"digest": {
"line_hashes": [
"19901105317172817474523829776500159128",
"261985305978078265294728142187406150456",
"11741176461708305763240700496325170792",
"128568594628539234625414005080815528212"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fc4e7191eae9d9325511e03deadfdb2224914f8"
},
{
"id": "CVE-2023-52736-1353a701",
"deprecated": false,
"digest": {
"line_hashes": [
"19901105317172817474523829776500159128",
"261985305978078265294728142187406150456",
"11741176461708305763240700496325170792",
"128568594628539234625414005080815528212"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@427ca2530da8dc61a42620d7113b05e187b6c2c0"
},
{
"id": "CVE-2023-52736-24457910",
"deprecated": false,
"digest": {
"length": 1209.0,
"function_hash": "289594479213676934870168285674712601126"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_probe",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
},
{
"id": "CVE-2023-52736-2e477d23",
"deprecated": false,
"digest": {
"line_hashes": [
"192198464299861792148627749820103637806",
"194010264102122307878824854372864477018",
"194560593348981747528316753153613836640",
"327430049653773216474890970197060136487",
"173284683752069205895682270996480216656",
"232550327297659883516020758193505017513",
"186114721180779968892594577432525289960",
"327134969943011146829847584315930887106"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87978e6ad45a16835cc58234451111091be3c59a"
},
{
"id": "CVE-2023-52736-382bbe4c",
"deprecated": false,
"digest": {
"line_hashes": [
"192198464299861792148627749820103637806",
"194010264102122307878824854372864477018",
"194560593348981747528316753153613836640",
"327430049653773216474890970197060136487",
"173284683752069205895682270996480216656",
"232550327297659883516020758193505017513",
"186114721180779968892594577432525289960",
"327134969943011146829847584315930887106"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
},
{
"id": "CVE-2023-52736-43af621e",
"deprecated": false,
"digest": {
"line_hashes": [
"192198464299861792148627749820103637806",
"194010264102122307878824854372864477018",
"194560593348981747528316753153613836640",
"327430049653773216474890970197060136487",
"194875597649570324958830163955900066903",
"232550327297659883516020758193505017513",
"186114721180779968892594577432525289960",
"327134969943011146829847584315930887106"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fc4e7191eae9d9325511e03deadfdb2224914f8"
},
{
"id": "CVE-2023-52736-54c50813",
"deprecated": false,
"digest": {
"line_hashes": [
"192198464299861792148627749820103637806",
"194010264102122307878824854372864477018",
"194560593348981747528316753153613836640",
"327430049653773216474890970197060136487",
"173284683752069205895682270996480216656",
"232550327297659883516020758193505017513",
"186114721180779968892594577432525289960",
"327134969943011146829847584315930887106"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@427ca2530da8dc61a42620d7113b05e187b6c2c0"
},
{
"id": "CVE-2023-52736-6cd2c69e",
"deprecated": false,
"digest": {
"length": 408.0,
"function_hash": "27170504712811365918288516776079254681"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_remove",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fc4e7191eae9d9325511e03deadfdb2224914f8"
},
{
"id": "CVE-2023-52736-81f8c302",
"deprecated": false,
"digest": {
"length": 1209.0,
"function_hash": "289594479213676934870168285674712601126"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_probe",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7fc4e7191eae9d9325511e03deadfdb2224914f8"
},
{
"id": "CVE-2023-52736-8944d540",
"deprecated": false,
"digest": {
"length": 588.0,
"function_hash": "186838402678180172851933339937951760218"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_remove",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87978e6ad45a16835cc58234451111091be3c59a"
},
{
"id": "CVE-2023-52736-a84784e4",
"deprecated": false,
"digest": {
"length": 897.0,
"function_hash": "132160212058199872821713232360645770549"
},
"signature_version": "v1",
"target": {
"function": "snd_hda_codec_cleanup_for_unbind",
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87978e6ad45a16835cc58234451111091be3c59a"
},
{
"id": "CVE-2023-52736-a9e5e980",
"deprecated": false,
"digest": {
"length": 588.0,
"function_hash": "186838402678180172851933339937951760218"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_remove",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@427ca2530da8dc61a42620d7113b05e187b6c2c0"
},
{
"id": "CVE-2023-52736-c0e70d4e",
"deprecated": false,
"digest": {
"length": 897.0,
"function_hash": "132160212058199872821713232360645770549"
},
"signature_version": "v1",
"target": {
"function": "snd_hda_codec_cleanup_for_unbind",
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@427ca2530da8dc61a42620d7113b05e187b6c2c0"
},
{
"id": "CVE-2023-52736-cff837da",
"deprecated": false,
"digest": {
"line_hashes": [
"19901105317172817474523829776500159128",
"261985305978078265294728142187406150456",
"11741176461708305763240700496325170792",
"128568594628539234625414005080815528212"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
},
{
"id": "CVE-2023-52736-e209cedf",
"deprecated": false,
"digest": {
"line_hashes": [
"19901105317172817474523829776500159128",
"261985305978078265294728142187406150456",
"11741176461708305763240700496325170792",
"128568594628539234625414005080815528212"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@87978e6ad45a16835cc58234451111091be3c59a"
},
{
"id": "CVE-2023-52736-e2d28c57",
"deprecated": false,
"digest": {
"length": 883.0,
"function_hash": "236000080653459871331573626674204759500"
},
"signature_version": "v1",
"target": {
"function": "snd_hda_codec_cleanup_for_unbind",
"file": "sound/pci/hda/hda_codec.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e909f5f2aa55a8f9aa6919cce08015cb0e8d4668"
},
{
"id": "CVE-2023-52736-ef132fb8",
"deprecated": false,
"digest": {
"length": 1209.0,
"function_hash": "289594479213676934870168285674712601126"
},
"signature_version": "v1",
"target": {
"function": "hda_codec_driver_probe",
"file": "sound/pci/hda/hda_bind.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@427ca2530da8dc61a42620d7113b05e187b6c2c0"
}
]