CVE-2023-52987

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-52987
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52987.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52987
Downstream
Published
2025-03-27T16:43:24.225Z
Modified
2026-02-24T10:36:53.983112Z
Summary
ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()
Details

In the Linux kernel, the following vulnerability has been resolved:

ASoC: SOF: ipc4-mtrace: prevent underflow in sofipc4prioritymaskdfs_write()

The "id" comes from the user. Change the type to unsigned to prevent an array underflow.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52987.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f4ea22f7aa7536560097d765be56445933d07e0d
Fixed
d52f34784e4e2f6e77671a9f104d8a69a3b5d24c
Fixed
ea57680af47587397f5005d7758022441ed66d54

Affected versions

v6.*
v6.0
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2-rc1

Database specific

vanir_signatures 
[
    {
        "id": "CVE-2023-52987-096301ec",
        "signature_version": "v1",
        "digest": {
            "function_hash": "110260568650805491795245192937756097606",
            "length": 611.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ea57680af47587397f5005d7758022441ed66d54",
        "signature_type": "Function",
        "target": {
            "file": "sound/soc/sof/ipc4-mtrace.c",
            "function": "sof_ipc4_priority_mask_dfs_write"
        }
    },
    {
        "id": "CVE-2023-52987-11498a94",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162268643403140312277841448858842982874",
                "37842780346914790764236154090224333870",
                "238787098150694526747689434375983270332",
                "339948979988810871973816395975268047842",
                "281298758624511035145836380784906231655",
                "31518360596212207833801696227799646308",
                "275807388859136437639146153073438928188",
                "247199360157891162182204009326339804423",
                "333579283806330694001634407008169325325",
                "303743223103566411534511608569911846339",
                "215550138577705485149668837882555300247",
                "235150803301549256932325849830596016342"
            ]
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ea57680af47587397f5005d7758022441ed66d54",
        "signature_type": "Line",
        "target": {
            "file": "sound/soc/sof/ipc4-mtrace.c"
        }
    },
    {
        "id": "CVE-2023-52987-2090d409",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "162268643403140312277841448858842982874",
                "37842780346914790764236154090224333870",
                "238787098150694526747689434375983270332",
                "339948979988810871973816395975268047842",
                "281298758624511035145836380784906231655",
                "31518360596212207833801696227799646308",
                "275807388859136437639146153073438928188",
                "247199360157891162182204009326339804423",
                "333579283806330694001634407008169325325",
                "303743223103566411534511608569911846339",
                "215550138577705485149668837882555300247",
                "235150803301549256932325849830596016342"
            ]
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d52f34784e4e2f6e77671a9f104d8a69a3b5d24c",
        "signature_type": "Line",
        "target": {
            "file": "sound/soc/sof/ipc4-mtrace.c"
        }
    },
    {
        "id": "CVE-2023-52987-9d9b6830",
        "signature_version": "v1",
        "digest": {
            "function_hash": "110260568650805491795245192937756097606",
            "length": 611.0
        },
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d52f34784e4e2f6e77671a9f104d8a69a3b5d24c",
        "signature_type": "Function",
        "target": {
            "file": "sound/soc/sof/ipc4-mtrace.c",
            "function": "sof_ipc4_priority_mask_dfs_write"
        }
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52987.json"

Git / github.com/gregkh/linux

Affected ranges

Type
GIT
Repo
https://github.com/gregkh/linux
Events
Introduced
830b3c68c1fb1e9176028d02ef86f3cf76aa2476
Fixed
d60c95efffe84428e3611431bf688f50bfc13f4e

Affected versions

v6.*
v6.1
v6.1.1
v6.1.10
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52987.json"