Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.1, < 4.14.306 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1b9256c96220bcdba287eeeb90e7c910c77f8c46Patch
- https://git.kernel.org/stable/c/2b557fa635e7487f638c0f030c305870839eeda2Patch
- https://git.kernel.org/stable/c/437e50ef6290ac835d526d0e45f466a0aa69ba1bPatch
- https://git.kernel.org/stable/c/6e1f586ddec48d71016b81acf68ba9f49ca54db8Patch
- https://git.kernel.org/stable/c/b9cee506da2b7920b5ea02ccd8e78a907d0ee7aaPatch
- https://git.kernel.org/stable/c/d6870f3800dbb212ae8433183ee82f566d067c6cPatch
- https://git.kernel.org/stable/c/f011360ad234a07cb6fbcc720fff646a93a9f0d6Patch
FAQ
What is CVE-2023-52988?
CVE-2023-52988 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error c...
How severe is CVE-2023-52988?
CVE-2023-52988 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-52988?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.