PT-2025-41092 · Linux+3 · Linux Kernel+3

Published

2023-06-15

Updated

2025-12-04

CVE-2023-53648

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's ALSA subsystem, specifically within the ac97 codec handling in the snd ac97 mixer() function. The issue involves a potential NULL dereference, which could occur if the rac97 variable is NULL. The fix removes a redundant assignment and introduces a check to return an error if rac97 is NULL, preventing the dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_16880

BDU:2026-04090

CESA-2024_3138

CVE-2023-53648

OESA-2025-2553

RHSA-2024:3138

RHSA-2024_3138

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4111-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4301-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2025-41092 · Linux+3 · Linux Kernel+3

CVE-2023-53648

Weakness Enumeration

Related Identifiers

Affected Products

References · 1423