CVE-2023-53788

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the ALSA subsystem, specifically within the ca0132 driver. The tuning ctl set() function may experience a buffer overrun when the loop does not break due to a non-match, potentially leading to issues when calling dspio set param(). The issue occurs because the loop counter i can reach an out-of-bounds value, resulting in an invalid array index access. The vulnerable code section involves accessing ca0132 tuning ctls[i].mid within the dspio set param() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.