Home

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A). static int tuning_ctl_set(...) { for (i = 0; i < TUNING_CTLS_COUNT; i++) (A) if (nid == ca0132_tuning_ctls[i].nid) break; snd_hda_power_up(...); (X) dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...); snd_hda_power_down(...); ^ return 1; } We will get below error by cppcheck sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12 for (i = 0; i < TUNING_CTLS_COUNT; i++) ^ sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20, ^ This patch cares non match case.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-09 | Updated 2025-12-09 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3590498117a11aa1f92a97e8a04d95320e347ebd
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before baef27176ea5fdc7ad0947e2dc7733855e35db71
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before d23f65f08247068576a01e28b297e995b7dc3965
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 32854bc91ae7debcdefdc7ae881ed83385a04792
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 734a3deb6614e3597e7e9ef7fb6006c593c5ee18
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 98e5eb110095ec77cb6d775051d181edbf9cd3cf
affected

Default status
affected

4.14.312 (semver)
unaffected

4.19.280 (semver)
unaffected

5.4.240 (semver)
unaffected

5.10.177 (semver)
unaffected

5.15.106 (semver)
unaffected

6.1.23 (semver)
unaffected

6.2.10 (semver)
unaffected

6.3 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/ff5e8b49348f6a550c136b74efaf8b3c1d3ceaea

git.kernel.org/...c/3590498117a11aa1f92a97e8a04d95320e347ebd

git.kernel.org/...c/7f12f99b8017ad5ed5aff4b0aefe3bb7bbdf8a99

git.kernel.org/...c/baef27176ea5fdc7ad0947e2dc7733855e35db71

git.kernel.org/...c/d23f65f08247068576a01e28b297e995b7dc3965

git.kernel.org/...c/32854bc91ae7debcdefdc7ae881ed83385a04792

git.kernel.org/...c/734a3deb6614e3597e7e9ef7fb6006c593c5ee18

git.kernel.org/...c/98e5eb110095ec77cb6d775051d181edbf9cd3cf

cve.org (CVE-2023-53788)

nvd.nist.gov (CVE-2023-53788)

Download JSON