DEBIAN-CVE-2023-54259

Source
https://security-tracker.debian.org/tracker/CVE-2023-54259
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54259.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-54259
Upstream
Published
2025-12-30T13:16:14.670Z
Modified
2026-01-05T18:19:36.064930Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow

This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()")

Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This fixes a usage count underrun caused by doing a pm_runtime_put() even though pm_runtime_resume_and_get() returned an error.

The three affected functions ignore -EACCES error from trying to get pm_runtime, and carry on, including a put at the end of the function. But pm_runtime_resume_and_get() does not increment the usage count if it returns an error. So in the -EACCES case you must not call pm_runtime_put().

The documentation for pm_runtime_get_sync() says: "Consider using pm_runtime_resume_and_get() ... as this is likely to result in cleaner code."

In this case I don't think it results in cleaner code because the pm_runtime_put() at the end of the function would have to be conditional on the return value from pm_runtime_resume_and_get() at the top of the function. pm_runtime_get_sync() doesn't have this problem because it always increments the count, so always needs a put. The code can just flow through and do the pm_runtime_put() unconditionally.

References

Affected packages

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.1.37-1

Affected versions

6.*
6.1.27-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54259.json"

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54259.json"

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54259.json"