CVE-2023-53788
- Source
- https://cve.org/CVERecord?id=CVE-2023-53788
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53788.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-53788
- Downstream
- Related
- Published
- 2025-12-09T00:00:43.777Z
- Modified
- 2026-04-02T09:45:11.506902Z
- Summary
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/ca0132: fixup buffer overrun at tuningctlset()
tuningctlset() might have buffer overrun at (X) if it didn't break from loop by matching (A).
static int tuning_ctl_set(...) { for (i = 0; i < TUNING_CTLS_COUNT; i++)(A) if (nid == ca0132tuningctls[i].nid) break;
snd_hda_power_up(...);(X) dspiosetparam(..., ca0132tuningctls[i].mid, ...); sndhdapower_down(...); ^
return 1; }We will get below error by cppcheck
sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12 for (i = 0; i < TUNING_CTLS_COUNT; i++) ^ sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20, ^This patch cares non match case.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53788.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/32854bc91ae7debcdefdc7ae881ed83385a04792
- https://git.kernel.org/stable/c/3590498117a11aa1f92a97e8a04d95320e347ebd
- https://git.kernel.org/stable/c/734a3deb6614e3597e7e9ef7fb6006c593c5ee18
- https://git.kernel.org/stable/c/7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99
- https://git.kernel.org/stable/c/98e5eb110095ec77cb6d775051d181edbf9cd3cf
- https://git.kernel.org/stable/c/baef27176ea5fdc7ad0947e2dc7733855e35db71
- https://git.kernel.org/stable/c/d23f65f08247068576a01e28b297e995b7dc3965
- https://git.kernel.org/stable/c/ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53788.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53788
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced44f0c9782cc6ab71ea947f8f710a46f2078a151cFixedff5e8b49348f6a550c136b74efaf8b3c1d3ceaeaFixed3590498117a11aa1f92a97e8a04d95320e347ebdFixed7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99Fixedbaef27176ea5fdc7ad0947e2dc7733855e35db71Fixedd23f65f08247068576a01e28b297e995b7dc3965Fixed32854bc91ae7debcdefdc7ae881ed83385a04792Fixed734a3deb6614e3597e7e9ef7fb6006c593c5ee18Fixed98e5eb110095ec77cb6d775051d181edbf9cd3cf
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.9.0Fixed4.14.312
- Type
- ECOSYSTEM
- Events
-
Introduced4.15.0Fixed4.19.280
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.240
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.177
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.106
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.23
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.2.10